Описание
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE |
Показывать по
EPSS
4 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
The system.temporary route in Drupal 8.x before 8.1.10 does not proper ...
EPSS
4 Medium
CVSS2
4.3 Medium
CVSS3