CVE-2020-13676

6.5MEDIUM

Key Information

Vendor: Drupal
Status: Core
Vendor: CVE Published:; 11 February 2022

Summary

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Affected Version(s)

Core < 9.2.6

Core < 9.1.13

Core < 8.9.19

Refferences

https://www.drupal.org/sa-core-2021-009

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
May 28, 2020

Collectors

NVD DatabaseMitre Database