Vulnerability Description
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module. This issue affects Drupal Core8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 8.8.0, < 8.8.10 |
Related Weaknesses (CWE)
References
- https://www.drupal.org/sa-core-2020-008PatchVendor Advisory
- https://www.drupal.org/sa-core-2020-008PatchVendor Advisory
FAQ
What is CVE-2020-13667?
CVE-2020-13667 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switchi...
How severe is CVE-2020-13667?
CVE-2020-13667 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13667?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.