CVE-2017-6919

Опубликовано: 20 апр. 2017

Источник: debian

Описание

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal8	itp			package

Примечания

https://www.drupal.org/SA-CORE-2017-002

Связанные уязвимости

CVE-2017-6919

CVSS3: 7.5

ubuntu

около 8 лет назад

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

CVE-2017-6919

CVSS3: 7.5

nvd

около 8 лет назад

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

GHSA-6hpj-9xj7-2jxx

CVSS3: 7.5

github

около 3 лет назад

Drupal access control bypass vulnerability