CVE-2016-7570

Опубликовано: 03 окт. 2016

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

Ссылки

http://www.securityfocus.com/bid/93101
Third Party Advisory
http://www.securitytracker.com/id/1036886
Third Party Advisory
https://www.drupal.org/SA-CORE-2016-004
Vendor Advisory
http://www.securityfocus.com/bid/93101
Third Party Advisory
http://www.securitytracker.com/id/1036886
Third Party Advisory
https://www.drupal.org/SA-CORE-2016-004
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:drupal:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha10:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha11:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha12:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha13:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha14:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha15:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha8:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:alpha9:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta11:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta12:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta13:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta14:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta15:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta16:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta6:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta7:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:beta9:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.0052

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-7570

CVSS3: 4.3

ubuntu

больше 8 лет назад

CVE-2016-7570

CVSS3: 4.3

debian

больше 8 лет назад

Drupal 8.x before 8.1.10 does not properly check for "Administer comme ...

GHSA-6g9h-6v79-w4pc

CVSS3: 4.3

github

около 3 лет назад

Drupal Users without "Administer comments" can set comment visibility on nodes they can edit

EPSS

Процентиль: 66%

0.0052

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264