Description

When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.

Remediation

References

CVE-2017-6377

Related Vulnerabilities

WordPress CVE-2023-5561 Vulnerability (CVE-2023-5561)

MySQL CVE-2015-4767 Vulnerability (CVE-2015-4767)

MediaWiki Incorrect Authorization Vulnerability (CVE-2020-26121)

WordPress Plugin Tweet Wheel Spam (0.3)

PHP Numeric Errors Vulnerability (CVE-2016-4344)

Severity

High

Classification

CVE-2017-6377 CWE-863 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities