BIT-drupal-2020-13674

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2020-13674.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-drupal-2020-13674

Aliases

Published

2024-03-06T10:56:59.186Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Database specific

{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://www.drupal.org/sa-core-2021-007

Affected packages

Bitnami / drupal

Package

Name: drupal
Purl: pkg:bitnami/drupal

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.9.0

Fixed

8.9.19

Introduced

9.1.0

Fixed

9.1.13

Introduced

9.2.0

Fixed

9.2.6