CVE-2020-13667

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6

Description The issue is an access bypass vulnerability in the Workspaces module of Drupal Core, which fails to properly check access permissions when switching workspaces. This could allow an attacker to access data without the correct permissions, potentially viewing content before it is intended to be seen. The vulnerability is mitigated by the fact that only sites with the experimental Workspaces module installed are affected.

Recommendations For versions prior to 8.8.10, update to version 8.8.10 or later. For versions prior to 8.9.6, update to version 8.9.6 or later. For versions prior to 9.0.6, update to version 9.0.6 or later.

Exploit

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

BIT-DRUPAL-2020-13667

CVE-2020-13667

DRUPAL-CORE-2020-008

GHSA-X2Q9-R8GM-F657

Affected Products

Drupal Core

CVE-2020-13667

Weakness Enumeration

Related Identifiers

Affected Products

References · 9