Boletines de Vulnerabilidades

Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2021-September-15Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassCVE IDs: CVE-2020-13676Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.This advisory is not covered by Drupal

More info:

https://www.drupal.org/sa-core-2021-009

Identificadores estándar
Propiedad Valor
CVE CVE-2020-13676.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-05-26

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT