Open Redirect Vulnerability in Drupal Core by Drupal
CVE-2020-13662

6.1MEDIUM

Key Information:

Vendor: Drupal
Status: Drupal Core
Vendor: CVE Published:; 5 May 2021

Summary

An open redirect vulnerability in Drupal Core can allow an attacker to deceive users into clicking on a crafted link that redirects them to an arbitrary external URL. This manipulation can facilitate phishing attacks or lead users to malicious sites, undermining the security and trust in the affected applications. The vulnerability impacts Drupal Core version 7.70 and earlier, necessitating immediate attention from users to mitigate potential risks associated with untrusted redirects.

Affected Version(s)

Drupal Core 7 <= 7.70

References

https://www.drupal.org/sa-core-2020-003

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 5, 2021
Vulnerability Reserved
May 28, 2020