Main Vulnerability Database Vulnerabilities #VU46768

#VU46768 Improper access control in Drupal - CVE-2020-13667

Published: September 17, 2020

Vulnerability identifier: #VU46768

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-13667

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Drupal

Software vendor:
Drupal

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Workspaces module when working with multiple workspaces. A remote attacker can bypass implemented security restrictions and gain unauthorized access to yet not published content.

Successful exploitation of the vulnerability requires that the experimental Workspaces module is installed.

Remediation

Install updates from vendor's website.

External links

https://www.drupal.org/sa-core-2020-008

#VU46768 Improper access control in Drupal - CVE-2020-13667

Description

Remediation

External links

Please verify you're human