BIT-drupal-2020-13668

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2020-13668.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-drupal-2020-13668

Aliases

Published

2024-03-06T10:57:51.785Z

Modified

2025-05-20T10:02:07.006Z

Summary

Access bypass in Drupal Core 8/9

Details

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / drupal

Package

Name: drupal
Purl: pkg:bitnami/drupal

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.8.0

Fixed

8.8.10

Introduced

8.9.0

Fixed

8.9.6

Introduced

9.0.0

Fixed

9.0.6

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2020-13668.json"