PT-2019-8593 · Drupal · Drupal

Greg Knaddison

Publicado

2017-06-24

Atualizado

2022-05-13

CVE-2017-6922

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal core versions prior to 8.3.4 Drupal core versions prior to 7.56

Description The issue allows an access bypass, where private files uploaded by an anonymous user are visible to all anonymous users, rather than just the user who uploaded them. This occurs on sites that allow anonymous users to upload files into a private file system.

Recommendations For Drupal core versions prior to 8.3.4, update to version 8.3.4 or later. For Drupal core versions prior to 7.56, update to version 7.56 or later.

Exploit

Correção

Files Accessible to External Parties

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552

Identificadores relacionados

CVE-2017-6922

DLA-1004-1

DSA-3897-1

GHSA-58F3-CX8P-H8JG

MGASA-2017-0198

Produtos afetados

Drupal

PT-2019-8593 · Drupal · Drupal

CVE-2017-6922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23