Description

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Remediation

References

CVE-2017-6919

Related Vulnerabilities

Oracle HTTP Server Other Vulnerability (CVE-2006-5354)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (5.7.11)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33937)

OpenSSL Resource Management Errors Vulnerability (CVE-2012-0027)

Severity

High

Classification

CVE-2017-6919 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities