Project: Quick EditDate: 2022-February-16Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureDescription: This advisory addresses a similar issue to Drupal core – Moderately critical – Information disclosure – SA-CORE-2022-004.
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the “access in-place editing” permission viewing some content they are are not authorized to access.Solution: Install the latest version:
If you use the Quick Edit module for Drupal 9.x, upgrade to Quick Edit 1.0.1
Reported By:
Samuel Mortenson
Fixed By:
Théodore Biadala
xjm of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Adam G-H
Drew Webber of the Drupal Security Team
Wim Leers
Ted Bowman
Dave Long
Derek Wright
Lee Rowlands of the Drupal Security Team
Samuel Mortenson
Joseph Zhao