CVE-2016-6211

Опубликовано: 09 сент. 2016

Источник: debian

EPSS Низкий

Описание

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal7	fixed	7.44-1		package

Примечания

https://www.drupal.org/SA-CORE-2016-002
https://www.openwall.com/lists/oss-security/2016/07/13/4
https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff

EPSS

Процентиль: 82%

0.01747

Низкий

Связанные уязвимости

CVE-2016-6211

CVSS3: 8.8

ubuntu

почти 9 лет назад

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

CVE-2016-6211

CVSS3: 8.8

nvd

почти 9 лет назад

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

GHSA-frqf-9qr4-6vxf

CVSS3: 8.8

github

около 3 лет назад

Drupal Saving user accounts can sometimes grant the user all roles

EPSS

Процентиль: 82%

0.01747

Низкий