6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.6%
Under certain circumstances, the Drupal core form API evaluates form
element access incorrectly. This may lead to a user being able to alter
data they should not have access to. No forms provided by Drupal core are
known to be vulnerable. However, forms added through contributed or custom
modules or themes may be affected.