Lucene search

CVE-2017-6923

🗓️ 22 Jan 2019 16:00:00Reported by drupalType

Drupal 8.x < 8.3.7 Ajax Endpoint Access Restriction Bypass

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 26
NVD	CVE-2017-6923	22 Jan 201915:29	–	nvd
OSV	GHSA-V3F6-F29F-RGVP Missing Authorization in Drupal	10 Oct 201919:31	–	osv
OSV	CVE-2017-6923	22 Jan 201915:29	–	osv
Veracode	Access Bypass	26 Oct 201705:29	–	veracode
Friends Of PHP	Views does not properly restrict access to the Ajax endpoint.	16 Aug 201717:10	–	friendsofphp
Friends Of PHP	Views does not properly restrict access to the Ajax endpoint.	16 Aug 201717:10	–	friendsofphp
Cvelist	CVE-2017-6923 Access bypass in Drupal 8 views	22 Jan 201916:00	–	cvelist
Github Security Blog	Missing Authorization in Drupal	10 Oct 201919:31	–	github
Prion	Code injection	22 Jan 201915:29	–	prion
ThreatPost	Drupal Patches Critical Access Bypass Bug	17 Aug 201715:50	–	threatpost

Nvd

Node

drupal drupalRange8.0.0–8.3.7

[
  {
    "product": "Drupal core",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "8.3.7",
        "status": "affected",
        "version": "8.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1039200
drupal	www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
securityfocus	www.securityfocus.com/bid/100368

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Jan 2019 16:00Current

7.8High risk

Vulners AI Score7.8

CVSS24

CVSS36.5

EPSS0.00282

CWE-862