Lucene search
DrupalCVELIST:CVE-2017-6924HistoryJan 15, 2019 - 8:00 p.m.
CVE-2017-6924 REST API can bypass comment approval - Access Bypass - Moderately Critical
2019-01-1520:00:00
drupal
raw.githubusercontent.com
2
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
Related
prion
prion
Code injection
2019-01-15 20:29:00
veracode
veracode
Access Bypass
2017-10-26 03:35:17
osv
osv
CVE-2017-6924
2019-01-15 20:29:00
Drupal REST API can bypass comment approval
2022-05-13 01:36:23
friendsofphp
friendsofphp
REST API can bypass comment approval.
2017-08-16 17:10:35
REST API can bypass comment approval.
2017-08-16 17:10:35
cve
cve
CVE-2017-6924
2019-01-15 20:29:00
github
github
Drupal REST API can bypass comment approval
2022-05-13 01:36:23
nessus
nessus
Fedora 25 : drupal8 (2017-902970c18f)
2017-09-11 00:00:00
Drupal 8.x < 8.3.7 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-004) - Linux
2017-08-17 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-004) - Windows
2017-08-17 00:00:00
Fedora Update for drupal8 FEDORA-2017-0fbd57c134
2017-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.7-1.fc26
2017-09-08 16:22:14
[SECURITY] Fedora 25 Update: drupal8-8.3.7-1.fc25
2017-09-08 21:21:26
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-08-16 00:00:00
threatpost
threatpost
Drupal Patches Critical Access Bypass Bug
2017-08-17 15:50:33
ibm
ibm