CVE-2017-6925

Опубликовано: 15 янв. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Ссылки

http://www.securityfocus.com/bid/100368
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039200
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/100368
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039200
Third Party Advisory
VDB Entry
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.3.7 (исключая)

EPSS

Процентиль: 71%

0.00683

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-6925

CVSS3: 9.8

debian

больше 6 лет назад

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...

GHSA-f4qx-jqfq-7785

CVSS3: 9.8

github

около 3 лет назад

Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions

EPSS

Процентиль: 71%

0.00683

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo