Description
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include CSRF protection. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Remediation
References