Vulnerability Bulletins

Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009


System information

   
Affected software Drupal

Description

Project: Drupal coreDate: 2021-September-15Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: >= 8.0.0 = 9.1.0 =9.2.0 CVE IDs: CVE-2020-13676Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.Sites are only affected if the QuickEdit module (which comes with the Standard profile) is

More info:

https://www.drupal.org/sa-core-2021-009

Standar resources

Property Value
CVE CVE-2020-13676.

Version history

Version Comments Date
1.0 Advisory issued 2022-08-22
Ministerio de Defensa
CNI
CCN
CCN-CERT