CVE-2020-13676

MEDIUM

Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module

Title source: llm
STIX 2.1

Description

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.drupal.org/sa-core-2021-009

Scores

CVSS v3 6.5
EPSS 0.0029
EPSS Percentile 51.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-284 CWE-863
Status published
Products (2)
drupal/core 8.0.0 - 8.9.19Packagist
drupal/drupal 8.9.0 - 8.9.19
Published Feb 11, 2022
Tracked Since Feb 18, 2026