Drupal CVE-2017-6919 Vulnerability (CVE-2017-6919)

Description

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Remediation

References

CVE-2017-6919

Related Vulnerabilities

WordPress Plugin Spot.IM Comments Cross-Site Scripting (4.0.3)

WordPress Plugin MailPoet Newsletters (Previous) Security Bypass (2.8.1)

MediaWiki Other Vulnerability (CVE-2004-2187)

WordPress Plugin Under Construction, Coming Soon & Maintenance Mode Multiple Vulnerabilities (1.1.1)

WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.27)

Severity

High

Classification

CVE-2017-6919 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H