Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2017-6924
HistoryJan 15, 2019 - 8:29 p.m.

CVE-2017-6924

2019-01-1520:29:00
Google
osv.dev
3

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

82.9%

JSON

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Related

prion 1
veracode 1
friendsofphp 2
osv 1
github 1
cve 1
cvelist 1
nessus 5
fedora 3
openvas 5
threatpost 1
freebsd 1
ibm 2
prion
prion
Code injection
2019-01-15 20:29:00
veracode
veracode
Access Bypass
2017-10-26 03:35:17
friendsofphp
friendsofphp
REST API can bypass comment approval.
2017-08-16 17:10:35
REST API can bypass comment approval.
2017-08-16 17:10:35
osv
osv
Drupal REST API can bypass comment approval
2022-05-13 01:36:23
github
github
Drupal REST API can bypass comment approval
2022-05-13 01:36:23
cve
cve
CVE-2017-6924
2019-01-15 20:29:00
cvelist
cvelist
REST API can bypass comment approval - Access Bypass - Moderately Critical
2019-01-15 20:00:00
nessus
nessus
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
2017-08-21 00:00:00
Fedora 25 : drupal8 (2017-902970c18f)
2017-09-11 00:00:00
Drupal 8.x < 8.3.7 Multiple Vulnerabilities
2018-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.7-1.fc26
2017-09-08 16:22:14
[SECURITY] Fedora 25 Update: drupal8-8.3.7-1.fc25
2017-09-08 21:21:26
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-004) - Linux
2017-08-17 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-004) - Windows
2017-08-17 00:00:00
Fedora Update for drupal8 FEDORA-2017-902970c18f
2017-09-09 00:00:00
threatpost
threatpost
Drupal Patches Critical Access Bypass Bug
2017-08-17 15:50:33
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-08-16 00:00:00
ibm
ibm
Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities
2018-06-15 07:08:13
Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities
2018-06-15 07:08:05

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.01 Low

EPSS

Percentile

82.9%

JSON
Related for OSV:CVE-2017-6924
prion1veracode1friendsofphp2osv1github1cve1cvelist1nessus5fedora3openvas5threatpost1freebsd1ibm2