PT-2018-8355 · Drupal · Drupal

Ted Bowman

Published

2018-03-01

Updated

2022-05-13

CVE-2017-6931

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 8.4.x before 8.4.5

Description The issue allows users to update certain data without proper permissions, specifically affecting the Settings Tray module. If a Settings Tray form is implemented in a custom or contrib module, access checks should be added. This vulnerability can be mitigated by disabling the Settings Tray module.

Recommendations For Drupal versions 8.4.x before 8.4.5, update to version 8.4.5 or later to resolve the issue. As a temporary workaround, consider disabling the Settings Tray module until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-6931

GHSA-7FFH-CJVG-FPR4

Affected Products

Drupal

PT-2018-8355 · Drupal · Drupal

CVE-2017-6931

Weakness Enumeration

Related Identifiers

Affected Products

References · 7