CVE-2016-7572

2016-10-03T14:59:18
ID CVE-2016-7572
Type cve
Reporter NVD
Modified 2016-10-04T14:06:45

Description

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.