Back to search
CVE-2020-13674
Published: Feb 11, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Core | affected 9.2 - < 9.2.6affected 9.1 - < 9.1.13affected 8.9 - < 8.9.19 |
Weaknesses (CWE)
References
https://www.drupal.org/sa-core-2021-007
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now