Rapid7 Vulnerability & Exploit Database

Drupal: CVE-2020-13667: Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

Back to Search

Drupal: CVE-2020-13667: Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
09/17/2020
Created
09/18/2020
Added
09/17/2020
Modified
06/03/2021

Description

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module. This issue affects Drupal Core8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.

Solution(s)

  • drupal-upgrade-8_8_1
  • drupal-upgrade-8_9_6
  • drupal-upgrade-9_0_6

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;