Description
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Sharing-Social Warfare Multiple Vulnerabilities (3.5.2)
MySQL CVE-2019-2757 Vulnerability (CVE-2019-2757)
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11811)
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
PostgreSQL Resource Management Errors Vulnerability (CVE-2007-4772)