PT-2017-17416 · Drupal · Drupal

Samuel Mortenson

Published

2017-04-20

Updated

2022-05-13

CVE-2017-6919

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Drupal 8 versions prior to 8.2.8 Drupal 8.3 versions prior to 8.3.1

Description The issue allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Recommendations For Drupal 8 versions prior to 8.2.8, update to version 8.2.8 or later. For Drupal 8.3 versions prior to 8.3.1, update to version 8.3.1 or later.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2017-6919

GHSA-6HPJ-9XJ7-2JXX

Affected Products

Drupal

PT-2017-17416 · Drupal · Drupal

CVE-2017-6919

Weakness Enumeration

Related Identifiers

Affected Products

References · 10