Drupal has released security patches to address several vulnerabilities that might result in access bypass and data overwrite. The first bug addressed in the most recent editions of the open source content management system (CMS) is an access bypass issue caused by an inadequately developed generic entity access API for entity revisions.
The API was not fully integrated with current permissions, which could result in some access bypass for users who have authorization to utilise content changes in general but not to individual node and media content items, Drupal adds.
The issue affects only Drupal 9.3 versions and only sites that use Drupal’s revision mechanism.
Read More: https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal