GitHub Advisory DatabaseGHSA-Q3P9-8728-WQ7XDrupal saving user accounts can sometimes grant the user all roles
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/drupal | lt | 6.38 | |
| drupal/drupal | lt | 7.43 | |
| drupal/core | lt | 7.43 | |
| drupal/core | lt | 6.38 |
References
www.debian.org/security/2016/dsa-3498
www.openwall.com/lists/oss-security/2016/02/24/19
www.openwall.com/lists/oss-security/2016/03/15/10
github.com/advisories/GHSA-q3p9-8728-wq7x
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3169.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3169.yaml
nvd.nist.gov/vuln/detail/CVE-2016-3169
www.drupal.org/SA-CORE-2016-001
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%