Boletines de Vulnerabilidades

Drupal core - Moderately critical - Access Bypass - SA-CORE-2021-010

Información sobre el sistema
   
Software afectado Drupal

Descripción
Project: Drupal coreDate: 2021-September-15Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access BypassAffected versions: >= 8.0.0 = 9.1.0 =9.2.0 CVE IDs: CVE-2020-13677Description: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.Sites that do not have the JSON:API module enabled are not affected.This advisory is

More info:

https://www.drupal.org/sa-core-2021-010

Identificadores estándar
Propiedad Valor
CVE CVE-2020-13677.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-08-22

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT