Description

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Remediation

References

CVE-2016-9450

Related Vulnerabilities

Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12028)

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.3)

WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7)

Drupal Core 8.x.x Multiple Vulnerabilities (8.0.0 - 8.4.8)

WordPress Plugin Gmedia Photo Gallery Multiple Cross-Site Scripting Vulnerabilities (1.18.4)

Severity

High

Classification

CVE-2016-9450 CWE-345 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities