CVE-2020-13668

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13668

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13668.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13668

Aliases

Published

2022-02-11T16:15:08Z

Modified

2024-09-03T03:13:07.258584Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

References

https://www.drupal.org/sa-core-2020-009

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

f2b59e3ae8097ea01d15c708f1267b73794399c0

Fixed

0acec51a303eeb84302553d51f9ac41e805e9614

Affected versions

8.*

8.8.0

8.8.1

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9