CVE-2020-13674

Name of the Vulnerable Software and Affected Versions QuickEdit module (affected versions not specified)

Description The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module is installed. Removing the access in-place editing permission from untrusted users will not fully mitigate the issue.

Recommendations For the QuickEdit module, consider removing or restricting the module until a proper fix is available. As a temporary workaround, restrict access to the QuickEdit module to trusted users only. Avoid granting the access in-place editing permission to untrusted users, as this does not fully mitigate the issue.