CVE-2017-6923

Name of the Vulnerable Software and Affected Versions Drupal 8.x versions prior to 8.3.7

Description The views subsystem in Drupal did not restrict access to the Ajax endpoint for updating displayed data via filter parameters when creating a view. This issue can be mitigated if access restrictions are in place on the view. It is recommended to include access restrictions on all views as a best practice.

Recommendations For Drupal 8.x versions prior to 8.3.7, update to version 8.3.7 or later to resolve the issue. As a temporary workaround, consider including access restrictions on all views to minimize the risk of exploitation.