Description
Drupal Unprivileged access to config export
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-7572
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
- https://www.drupal.org/SA-CORE-2016-004
- http://www.securityfocus.com/bid/93101
- http://www.securitytracker.com/id/1036886
Packages
- drupal/core: affected >= 8.0, < 8.1.10; fixed in 8.1.10
- drupal/drupal: affected >= 8.0, < 8.1.10; fixed in 8.1.10