Lucene search
GoogleOSV:GHSA-J586-CJ67-VG4PHistoryFeb 12, 2022 - 12:00 a.m.
Cross-Site Request Forgery in Drupal core
2022-02-1200:00:47
Google
osv.dev
11
0.001 Low
EPSS
Percentile
21.7%
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability.
References
github.com/drupal/core
github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6
github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c
github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8
nvd.nist.gov/vuln/detail/CVE-2020-13674
www.drupal.org/sa-core-2021-007
Related
osv
osv
CVE-2020-13674
2022-02-11 16:15:08
BIT-drupal-2020-13674
2024-03-06 10:56:59
cvelist
cvelist
CVE-2020-13674
2022-02-11 15:45:18
ubuntucve
ubuntucve
CVE-2020-13674
2022-02-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-02-11 16:15:00
github
github
Cross-Site Request Forgery in Drupal core
2022-02-12 00:00:47
veracode
veracode
Cross Site Request Forgery
2022-02-14 07:08:11
cve
cve
CVE-2020-13674
2022-02-11 16:15:08
nvd
nvd
CVE-2020-13674
2022-02-11 16:15:08
drupal
drupal
nessus
nessus
Drupal 9.1.x < 9.1.13 Multiple Vulnerabilities
2021-09-16 00:00:00
Drupal 8.9.x < 8.9.19 Multiple Vulnerabilities
2021-09-16 00:00:00
Drupal 9.2.x < 9.2.6 Multiple Vulnerabilities
2021-09-16 00:00:00