PT-2022-8504 · Drupal · Drupal Core Json:Api Module

Brad Jones · Published 2022-02-11 · Updated 2024-03-06 · CVE-2020-13677

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Drupal core JSON:API module (affected versions not specified)

Description

Under specific circumstances, the Drupal core JSON:API module fails to properly restrict access to certain content, potentially leading to an access bypass. Sites without the JSON:API module enabled are not affected.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Incorrect Authorization

Related Identifiers

BIT-DRUPAL-2020-13677
CVE-2020-13677
DRUPAL-CORE-2021-010
GHSA-3XR3-PHJP-G6P2

Affected Products

Drupal Core Json:Api Module