Candidate: CVE-2020-13674
PublicDate: 2022-02-11 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13674
 https://www.drupal.org/sa-core-2021-007
Description:
 The QuickEdit module does not properly validate access to routes, which
 could allow cross-site request forgery under some circumstances and lead to
 possible data integrity issues. Sites are only affected if the QuickEdit
 module (which comes with the Standard profile) is installed. Removing the
 "access in-place editing" permission from untrusted users will not fully
 mitigate the vulnerability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_drupal7:
upstream_drupal7: needs-triage
trusty/esm_drupal7: not-affected (code not present)
trusty_drupal7: ignored (out of standard support)
xenial_drupal7: ignored (out of standard support)