CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.008 Low (Percentile: 82.0%)
Edit Limit enables you to set time and count-based limits on how and when a user can edit nodes or comments.
When a comment is edited, the module doesn’t sufficiently check whether the user has the permissions needed to edit that comment outside of the limits applied by this module. This makes it possible for a user who can edit their own comments to edit the comments of any other user.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “edit comments”.
Drupal core is not affected. If you do not use the contributed Edit Limit module, there is nothing you need to do.
Install the latest version:
Also see the Edit Limit project page.