Description
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Remediation
References
Related Vulnerabilities
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)
WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1)
WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)
WebLogic CVE-2017-3531 Vulnerability (CVE-2017-3531)
WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)