Description
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Remediation
References