CVE-2017-6924

Опубликовано: 15 янв. 2019

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Ссылки

http://www.securityfocus.com/bid/100368
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039200
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/100368
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039200
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.3.7 (исключая)

EPSS

Процентиль: 50%

0.00271

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

CVE-2017-6924

CVSS3: 7.4

debian

больше 6 лет назад

In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...

GHSA-p8g6-5mg7-9r5q

CVSS3: 7.4

github

около 3 лет назад

Drupal REST API can bypass comment approval

EPSS

Процентиль: 50%

0.00271

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-269