Lucene search

Ubuntu.comUB:CVE-2022-25273

HistoryApr 26, 2023 - 12:00 a.m.

CVE-2022-25273

2023-04-2600:00:00

ubuntu.com

cve-2022-25273

drupal core

form api

vulnerability

input validation

contributed modules

custom modules

improper input

sensitive data

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Drupal core’s form API has a vulnerability where certain contributed or
custom modules’ forms may be vulnerable to improper input validation. This
could allow an attacker to inject disallowed values or overwrite data.
Affected forms are uncommon, but in certain cases an attacker could alter
critical or sensitive data.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchdrupal7< anyUNKNOWN
ubuntu16.04noarchdrupal7< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	drupal7	< any	UNKNOWN
ubuntu	16.04	noarch	drupal7	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-25273

nvd.nist.gov/vuln/detail/CVE-2022-25273

security-tracker.debian.org/tracker/CVE-2022-25273

www.cve.org/CVERecord?id=CVE-2022-25273

www.drupal.org/sa-core-2022-008

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for UB:CVE-2022-25273