vulnerability
Drupal: CVE-2020-13674: Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 11, 2022 | Mar 23, 2022 | Mar 23, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 11, 2022
Added
Mar 23, 2022
Modified
Mar 23, 2022
Description
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
Solution(s)
drupal-upgrade-8_9_1drupal-upgrade-9_1_1drupal-upgrade-9_2_6

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.