Description

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Remediation

References

CVE-2017-6919

Related Vulnerabilities

Envoy Proxy Use After Free Vulnerability (CVE-2023-35942)

WordPress Plugin OptionTree PHP Object Injection (2.7.2)

Django Improper Input Validation Vulnerability (CVE-2011-4139)

WordPress Plugin Yoast SEO Cross-Site Scripting (3.4.0)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3197)

Severity

High

Classification

CVE-2017-6919 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities