Description
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Remediation
References
Related Vulnerabilities
WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-2097)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0827)
WordPress Improper Privilege Management Vulnerability (CVE-2019-20043)
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)