CVE-2017-6931

Name of the Vulnerable Software and Affected Versions Drupal versions 8.4.x before 8.4.5

Description The issue allows users to update certain data without proper permissions, specifically affecting the Settings Tray module. If a Settings Tray form is implemented in a custom or contrib module, access checks should be added. This vulnerability can be mitigated by disabling the Settings Tray module.

Recommendations For Drupal versions 8.4.x before 8.4.5, update to version 8.4.5 or later to resolve the issue. As a temporary workaround, consider disabling the Settings Tray module until the issue is resolved.