Description

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Remediation

References

CVE-2019-6342

Related Vulnerabilities

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6619)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5342)

WordPress Plugin WP-Paginate Cross-Site Scripting (1.2.1)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More SQL Injection (16.26.5)

Severity

Critical

Classification

CVE-2019-6342 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities