PT-2018-8352 · Drupal · Drupal

Anders Olsson

·

Publicado

2018-02-24

·

Atualizado

2022-05-13

·

CVE-2017-6928

CVSS v3.1

5.3

Média

VetorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Drupal core versions prior to 7.57
Description The issue arises when using Drupal's private file system. Under certain conditions, where one module grants access to a file and another denies it, the access check fails. This leads to an access bypass issue, although it is mitigated by the fact that it only occurs in unusual site configurations.
Recommendations For versions prior to 7.57, update to version 7.57 or later to resolve the issue.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2017-6928
DLA-1295-1
DSA-4123-1
GHSA-66MV-Q8R2-HJ8W

Produtos afetados

Drupal