Description

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Remediation

References

CVE-2019-6342

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33362)

ownCloud Other Vulnerability (CVE-2012-5609)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)

Severity

Critical

Classification

CVE-2019-6342 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities