9 matches found
CVE-2017-6924 REST API can bypass comment approval - Access Bypass - Moderately Critical
In Drupal 8 prior to 8.3.7, when using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the...
CVE-2017-6924
Drupal 8.x before 8.3.7 is affected by CVE-2017-6924 where REST API access can allow users to post approved comments without proper permission if REST module and comment resource are enabled and an attacker can access a user account or anonymous comments. The root cause is a flaw in the REST API ...
Fedora Update for drupal8 FEDORA-2018-922cc2fbaa
The remote host is missing an update for the... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora 26 : drupal8 (2017-0fbd57c134)
8.3.7 - SA-CORE-2017-004 CVE-2017-6923, CVE-2017-6924, CVE-2017-6925 - 8.3.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 25 : drupal8 (2017-902970c18f)
8.3.7 - SA-CORE-2017-004 CVE-2017-6923, CVE-2017-6924, CVE-2017-6925 - 8.3.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for drupal8 FEDORA-2017-0fbd57c134
The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2017-6924
creationtimestamp | type | source
---|---|---
2017-08-24 17:02:33+00:00 | seen | https://t.me/webamoozir/2242...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical; CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical; CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
Drupal Patches Critical Access Bypass Bug
Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...