René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00


{
"id": "CVE-2020-13667",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2021-05-17T17:15:07.893",
"lastModified": "2021-06-01T19:52:50.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module. This issue affects Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de acceso en Drupal Core Workspaces permite a un atacante acceder a los datos sin los permisos correctos. El m\u00f3dulo Workspaces de trabajo no comprueba suficientemente los permisos de acceso al cambiar de workspaces, conllevando a una vulnerabilidad de omisi\u00f3n de acceso. Un atacante podr\u00eda ser capaz de visualizar el contenido antes de que el propietario del sitio pretenda que las personas visualicen el contenido. Esta vulnerabilidad se mitiga por el hecho de que los sitios solo son vulnerables si han instalado el m\u00f3dulo Workspaces experimental. Este problema afecta a Drupal Core versiones 8.8.X anteriores a 8.8.10; versiones 8.9.X anteriores a 8.9.6; versiones 9.0.X anteriores a 9.0.6"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.8.0",
"versionEndExcluding": "8.8.10",
"matchCriteriaId": "CE1FFB12-D51C-4248-AF0C-AC888E902464"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.9.0",
"versionEndExcluding": "8.9.6",
"matchCriteriaId": "0716C15A-CA54-446C-9ED2-7B620719C68C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.6",
"matchCriteriaId": "B2579140-7CB7-4F05-8FF8-C04E0E486AD5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-core-2020-008",
"source": "mlhess@drupal.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}