CVE-2017-6931

Опубликовано: 01 мар. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.

Ссылки

https://www.drupal.org/sa-core-2018-001
Mitigation
Vendor Advisory
https://www.drupal.org/sa-core-2018-001
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Версия от 8.4.0 (включая) до 8.4.5 (исключая)

EPSS

Процентиль: 59%

0.00394

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

CVE-2017-6931

CVSS3: 6.5

debian

больше 7 лет назад

In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray modul ...

GHSA-7ffh-cjvg-fpr4

CVSS3: 6.5

github

около 3 лет назад

Drupal Settings Tray access bypass

EPSS

Процентиль: 59%

0.00394

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434