Lucene search

[email protected]CVE-2016-7570

HistoryOct 03, 2016 - 6:59 p.m.

CVE-2016-7570

2016-10-0318:59:15

CWE-264

[email protected]

web.nvd.nist.gov

cve-2016-7570

drupal 8.x

security vulnerability

comments

nvd

remote authenticated users

node visibility

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Drupal 8.x before 8.1.10 does not properly check for “Administer comments” permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

Affected configurations

NVD

Node

drupaldrupalMatch8.0.0

drupaldrupalMatch8.0.0alpha10

drupaldrupalMatch8.0.0alpha11

drupaldrupalMatch8.0.0alpha12

drupaldrupalMatch8.0.0alpha13

drupaldrupalMatch8.0.0alpha14

drupaldrupalMatch8.0.0alpha15

drupaldrupalMatch8.0.0alpha2

drupaldrupalMatch8.0.0alpha3

drupaldrupalMatch8.0.0alpha4

drupaldrupalMatch8.0.0alpha5

drupaldrupalMatch8.0.0alpha6

drupaldrupalMatch8.0.0alpha7

drupaldrupalMatch8.0.0alpha8

drupaldrupalMatch8.0.0alpha9

drupaldrupalMatch8.0.0beta1

drupaldrupalMatch8.0.0beta10

drupaldrupalMatch8.0.0beta11

drupaldrupalMatch8.0.0beta12

drupaldrupalMatch8.0.0beta13

drupaldrupalMatch8.0.0beta14

drupaldrupalMatch8.0.0beta15

drupaldrupalMatch8.0.0beta16

drupaldrupalMatch8.0.0beta2

drupaldrupalMatch8.0.0beta3

drupaldrupalMatch8.0.0beta4

drupaldrupalMatch8.0.0beta6

drupaldrupalMatch8.0.0beta7

drupaldrupalMatch8.0.0beta9

drupaldrupalMatch8.0.0rc1

drupaldrupalMatch8.0.0rc2

drupaldrupalMatch8.0.0rc3

drupaldrupalMatch8.0.0rc4

drupaldrupalMatch8.0.1

drupaldrupalMatch8.0.2

drupaldrupalMatch8.0.3

drupaldrupalMatch8.0.4

drupaldrupalMatch8.0.5

drupaldrupalMatch8.0.6

drupaldrupalMatch8.1.0

drupaldrupalMatch8.1.0beta1

drupaldrupalMatch8.1.0beta2

drupaldrupalMatch8.1.0rc1

drupaldrupalMatch8.1.1

drupaldrupalMatch8.1.2

drupaldrupalMatch8.1.3

drupaldrupalMatch8.1.4

drupaldrupalMatch8.1.5

drupaldrupalMatch8.1.6

drupaldrupalMatch8.1.7

drupaldrupalMatch8.1.8

drupaldrupalMatch8.1.9

CPENameOperatorVersion
drupal:drupaldrupaleq8.0.0
drupal:drupaldrupaleq8.0.1
drupal:drupaldrupaleq8.0.2
drupal:drupaldrupaleq8.0.3
drupal:drupaldrupaleq8.0.4
drupal:drupaldrupaleq8.0.5
drupal:drupaldrupaleq8.0.6
drupal:drupaldrupaleq8.1.0
drupal:drupaldrupaleq8.1.1
drupal:drupaldrupaleq8.1.2

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	8.0.0
drupal:drupal	drupal	eq	8.0.1
drupal:drupal	drupal	eq	8.0.2
drupal:drupal	drupal	eq	8.0.3
drupal:drupal	drupal	eq	8.0.4
drupal:drupal	drupal	eq	8.0.5
drupal:drupal	drupal	eq	8.0.6
drupal:drupal	drupal	eq	8.1.0
drupal:drupal	drupal	eq	8.1.1
drupal:drupal	drupal	eq	8.1.2