CVE-2020-13676

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13676

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13676.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13676

Aliases

Published

2022-02-11T16:15:08Z

Modified

2024-10-12T05:55:45.967240Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

References

https://www.drupal.org/sa-core-2021-009

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

a412ca41cfc0d954fe3cb2dd982dc6ca049b1c70

Fixed

ff4f28f15d717b1ba39867f1550a248d1a915928

Affected versions

8.*

8.9.0

8.9.1

8.9.10

8.9.11

8.9.12

8.9.13

8.9.14

8.9.15

8.9.16

8.9.17

8.9.18

8.9.2

8.9.3

8.9.4

8.9.5

8.9.6

8.9.8

8.9.9