CVE-2020-13668

CVE-2020-13668: Access bypass in Drupal Core 8/9

Vendor Drupal

Product Core

Published February 11, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Key dates

Disclosure timeline

February 11, 2022 CVE published

August 4, 2024 Record updated

Identifiers

CVE CVE-2020-13668

Affected versions

Vendor Drupal

Product Core

Affected ≥ 8.8.x and < 8.8.10

Vendor Drupal

Product Core

Affected ≥ 8.9.x and < 8.9.6

Vendor Drupal

Product Core

Affected ≥ 9.0.x and < 9.0.6