Lucene search
DrupalCVELIST:CVE-2020-13677HistoryFeb 11, 2022 - 3:55 p.m.
CVE-2020-13677
2022-02-1115:55:12
CWE-284
drupal
www.cve.org
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
CNA Affected
[
{
"product": "Core",
"vendor": "Drupal",
"versions": [
{
"lessThan": "9.2.6",
"status": "affected",
"version": "9.2.x",
"versionType": "custom"
},
{
"lessThan": "9.1.13",
"status": "affected",
"version": "9.1.x",
"versionType": "custom"
},
{
"lessThan": "8.9.19",
"status": "affected",
"version": "8.9.x",
"versionType": "custom"
}
]
}
]References
Related
drupal
drupal
Drupal core - Moderately critical - Access Bypass - SA-CORE-2021-010
2021-09-15 00:00:00
github
github
Drupal core access bypass vulnerability
2022-02-12 00:00:46
cve
cve
CVE-2020-13677
2022-02-11 16:15:08
veracode
veracode
Access Restriction Bypass
2022-02-14 09:14:01
prion
prion
Design/Logic Flaw
2022-02-11 16:15:00
osv
osv
CVE-2020-13677
2022-02-11 16:15:08
Drupal core access bypass vulnerability
2022-02-12 00:00:46
BIT-drupal-2020-13677
2024-03-06 10:56:30
nvd
nvd
CVE-2020-13677
2022-02-11 16:15:08
ubuntucve
ubuntucve
CVE-2020-13677
2022-02-11 00:00:00
nessus
nessus
Drupal 8.9.x < 8.9.19 Multiple Vulnerabilities
2021-09-16 00:00:00
Drupal 9.2.x < 9.2.6 Multiple Vulnerabilities
2021-09-16 00:00:00
Drupal 9.1.x < 9.1.13 Multiple Vulnerabilities
2021-09-16 00:00:00
