#VU46768 Improper access control in Drupal - CVE-2020-13667
Published: September 17, 2020
Vulnerability identifier: #VU46768
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13667
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Drupal
Drupal
Software vendor:
Drupal
Drupal
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Workspaces module when working with multiple workspaces. A remote attacker can bypass implemented security restrictions and gain unauthorized access to yet not published content.
Successful exploitation of the vulnerability requires that the experimental Workspaces module is installed.
Remediation
Install updates from vendor's website.