Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-13674

UNKNOWN
Published 2022-02-11T15:45:18
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-13674. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Drupal

Core

Affected Versions:

9.2 9.1 8.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-Site Request Forgery in Drupal core

GHSA-j586-cj67-vg4p

Advisory Details

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Affected Packages

Packagist drupal/core
ECOSYSTEM: ≥8.0.0 <8.9.19
Packagist drupal/core
ECOSYSTEM: ≥9.1.0 <9.1.13
Packagist drupal/core
ECOSYSTEM: ≥9.2.0 <9.2.6

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-13674
WEB https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
WEB https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
WEB https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
PACKAGE https://github.com/drupal/core
WEB https://www.drupal.org/sa-core-2021-007

Advisory provided by GitHub Security Advisory Database. Published: February 12, 2022, Modified: February 23, 2022

References

https://www.drupal.org/sa-core-2021-007
Published: 2022-02-11T15:45:18
Last Modified: 2024-08-04T12:25:16.213Z
Copied to clipboard!