CVE-2020-13662
published 2021-05-05
CVE-2020-13662: Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary…
Priority: P4 · 26 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.86% (54.0th percentile)
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 7.0.0 < 7.70 | 7.70 |
| drupal | drupal | 7.0 – 7.70 | — |
| drupal | drupal | >= 7.0.0 < 7.70 | 7.70 |
| drupal | drupal_core | — | — |
| drupal | drupal_core | 7 – 7.70 | — |
CVSS provenance
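| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |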
GHSA
Drupal Core Open Redirect vulnerability
ghsa·2022-05-24
CVE-2020-13662 [MEDIUM] CWE-601 Drupal Core Open Redirect vulnerability
OSV
Drupal Core Open Redirect vulnerability
osv·2022-05-24
CVE-2020-13662 [MEDIUM] Drupal Core Open Redirect vulnerability
OSV
CVE-2020-13662: Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrar
osv·2021-05-05·CVSS 6.1
CVE-2020-13662 [MEDIUM] CVE-2020-13662: Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrar
Drupal
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
vendor_drupal·2020-05-20
CVE-2020-13662 [MEDIUM] Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
Title: Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
Vulnerability Type: Open Redirect
Description: Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function. Other versions of Drupal core are not vulnerable.
Solution: Install the latest version. If you use Drupal 7.x, upgrade to Drupal 7.70.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-05-05