CVE-2020-13676
EUVD-2022-115011.02.2022, 16:15
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| drupal | drupal | 8.9.0 ≤ 𝑥 < 8.9.19 |
| drupal | drupal | 9.1.0 ≤ 𝑥 < 9.1.13 |
| drupal | drupal | 9.2.0 ≤ 𝑥 < 9.2.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.