vulnerability

Drupal: CVE-2020-13674: Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2022-02-11	2022-03-23	2022-03-23

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2022-02-11

Added

2022-03-23

Modified

2022-03-23

Description

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Solution(s)

drupal-upgrade-8_9_1drupal-upgrade-9_1_1drupal-upgrade-9_2_6

References

CVE-2020-13674
https://attackerkb.com/topics/CVE-2020-13674
URL-https://www.drupal.org/sa-core-2021-007

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today