The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the “access in-place editing” permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
[
{
"product": "Core",
"vendor": "Drupal",
"versions": [
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3.x",
"versionType": "custom"
},
{
"lessThan": "9.2.13",
"status": "affected",
"version": "9.2.x",
"versionType": "custom"
}
]
}
]