Description
Drupal Cross-Site Request Forgery (CSRF)
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-6379
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6379.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6379.yaml
- https://www.drupal.org/SA-2017-001
- http://www.securityfocus.com/bid/96919
- http://www.securitytracker.com/id/1038058
Packages
- drupal/core: affected >= 8.2.0, < 8.2.7; fixed in 8.2.7
- drupal/drupal: affected >= 8.2.0, < 8.2.7; fixed in 8.2.7