PT-2019-8596 · Drupal · Drupal

Miles Worthington

Publicado

2019-01-15

Atualizado

2022-05-13

CVE-2017-6925

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Drupal 8 core versions prior to 8.3.7

Description There is an issue in the entity access system that could allow unwanted access to view, create, update, or delete entities. This issue affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Recommendations For versions prior to 8.3.7, update to version 8.3.7 or later to resolve the issue.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2017-6925

GHSA-F4QX-JQFQ-7785

Produtos afetados

Drupal

PT-2019-8596 · Drupal · Drupal

CVE-2017-6925

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10