Lucene search

GitHub Advisory DatabaseGHSA-FMQH-2J2X-VGP3

HistoryMay 17, 2022 - 3:47 a.m.

Drupal Unprivileged access to config export

2022-05-1703:47:57

GitHub Advisory Database

github.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.3%

JSON

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.

Affected configurations

Vulners

Node

drupaldrupalRange<8.1.10

drupal_coredrupal_coreRange<8.1.10

CPENameOperatorVersion
drupal/drupallt8.1.10
drupal/corelt8.1.10

CPE	Name	Operator	Version
	drupal/drupal	lt	8.1.10
	drupal/core	lt	8.1.10

References

www.securityfocus.com/bid/93101

www.securitytracker.com/id/1036886

github.com/advisories/GHSA-fmqh-2j2x-vgp3

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml

nvd.nist.gov/vuln/detail/CVE-2016-7572

www.drupal.org/SA-CORE-2016-004

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for GHSA-FMQH-2J2X-VGP3