Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-13674

Опубликовано: 11 фев. 2022
Источник: ubuntu
Приоритет: low
CVSS2: 4.3
CVSS3: 6.5

Описание

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

РелизСтатусПримечание
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
trusty

ignored

end of standard support
trusty/esm

not-affected

code not present
upstream

needs-triage

xenial

ignored

end of standard support

Показывать по

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.5
nvd
больше 3 лет назад

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

CVSS3: 6.5
github
больше 3 лет назад

Cross-Site Request Forgery in Drupal core

4.3 Medium

CVSS2

6.5 Medium

CVSS3