cbcvebase.
CVE-2020-13668
published 2022-02-11

CVE-2020-13668: Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the…

PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.67%
47.3th percentile
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Affected

12 ranges
VendorProductVersion rangeFixed in
drupalcore>= 8.0.0 < 8.8.108.8.10
drupalcore>= 8.8.x < 8.8.108.8.10
drupalcore>= 8.9.0 < 8.9.68.9.6
drupalcore>= 8.9.x < 8.9.68.9.6
drupalcore>= 9.0.0 < 9.0.69.0.6
drupalcore>= 9.0.x < 9.0.69.0.6
drupaldrupal>= 8.0.0 < 8.8.108.8.10
drupaldrupal>= 8.8.0 < 8.8.108.8.10
drupaldrupal>= 8.9.0 < 8.9.68.9.6
drupaldrupal>= 8.9.0 < 8.9.68.9.6
drupaldrupal>= 9.0.0 < 9.0.69.0.6
drupaldrupal>= 9.0.0 < 9.0.69.0.6

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.