CVE-2020-13676

MEDIUM6.5EPSS 0.29%

Incorrect Authorization in Drupal core

發布日:2021/9/15修改日:2025/12/10

描述

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

受影響套件(3)

Bitnami/drupal>= 8.9.0, < 8.9.19, >= 9.1.0, < 9.1.13, >= 9.2.0, < 9.2.6
Packagist/drupal/core>= 8.0.0, < 8.9.19 | >= 9.1.0, < 9.1.13 | >= 9.2.0, < 9.2.6
Packagist/drupal/core>= 8.0.0, < 8.9.19

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13676
PATCHhttps://github.com/drupal/core
WEBhttps://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
WEBhttps://www.drupal.org/sa-core-2021-009