CVE-2020-13675

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.drupal.org/sa-core-2021-008	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

History

No history.

Information

Published : 2022-02-11 16:15

Updated : 2024-02-28 19:09

NVD link : CVE-2020-13675

Mitre link : CVE-2020-13675

CVE.ORG link : CVE-2020-13675

JSON object : View

Products Affected

drupal

drupal

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-284

Improper Access Control

{"id": "CVE-2020-13675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-02-11T16:15:08.367", "references": [{"url": "https://www.drupal.org/sa-core-2021-008", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site."}, {"lang": "es", "value": "Los m\u00f3dulos JSON:API y REST/File de Drupal permiten la carga de archivos mediante sus APIs HTTP. Los m\u00f3dulos no ejecutan correctamente toda la comprobaci\u00f3n de los archivos, lo que causa una vulnerabilidad de omisi\u00f3n de acceso. Un atacante podr\u00eda ser capaz de subir archivos que salten el proceso de comprobaci\u00f3n de archivos implementado por los m\u00f3dulos del sitio"}], "lastModified": "2022-02-18T01:44:46.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69F69CDD-9527-44F9-9A24-1CB224492E78", "versionEndExcluding": "8.9.19", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDA920A-E60F-4CC8-9C06-1B3B7E200DE4", "versionEndExcluding": "9.1.13", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6917A0-B070-4716-9D5A-C8505254005F", "versionEndExcluding": "9.2.6", "versionStartIncluding": "9.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}