CVE-2020-13667: Incorrect Default Permissions

May 17, 2021 (updated June 1, 2021)

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module does not sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module.

References

nvd.nist.gov/vuln/detail/CVE-2020-13667
www.drupal.org/sa-core-2020-008

Code Behaviors & Features

Detect and mitigate CVE-2020-13667 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →