Linux Distros Unpatched Vulnerability : CVE-2017-6922

🗓️ 15 Aug 2025 00:00:00Reported by TenableType

Linux host Drupal CVE-2017-6922 unpatched; anonymous uploaded private files visible to all anonymous users; affects Drupal core 8.x before 8.3.4 and 7.x before 7.56

Reporter	Title	Published	Views	Family All 49
IBM Security Bulletins	Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)	15 Jun 201807:07	–	ibm
FreeBSD	drupal -- Drupal Core - Multiple Vulnerabilities	21 Jun 201700:00	–	freebsd
Circl	CVE-2017-6922	22 Jun 201711:53	–	circl
CNVD	Drupal File Upload Vulnerability	23 Jun 201700:00	–	cnvd
CVE	CVE-2017-6922	22 Jan 201915:00	–	cve
Cvelist	CVE-2017-6922 Files uploaded by anonymous users into a private file system can be accessed by other anonymous users	22 Jan 201915:00	–	cvelist
Debian	[SECURITY] [DLA 1004-1] drupal7 security update	28 Jun 201716:19	–	debian
Debian	[SECURITY] [DSA 3897-1] drupal7 security update	24 Jun 201705:31	–	debian
Debian	[SECURITY] [DSA 3897-1] drupal7 security update	24 Jun 201705:31	–	debian
Debian CVE	CVE-2017-6922	22 Jan 201915:00	–	debiancve

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2017-6922
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(250183);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/15");

  script_cve_id("CVE-2017-6922");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2017-6922");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded
    by an anonymous user but not permanently attached to content on the site should only be visible to the
    anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide
    this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact
    that in order to be affected, the site must allow anonymous users to upload files into a private file
    system. (CVE-2017-6922)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2017-6922");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6922");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:drupal7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "drupal7"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "drupal7"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

15 Aug 2025 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24

CVSS 36.5

EPSS0.01704

drupal vulnerability anonymous file exposure private file uploads drupal core versions no vendor patch