3 matches found
CVE-2019-6342
Removed by vendor...
Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC
PenTestIT RSS Feed Last week, an advisory SA-CORE-2019-008 addressing a Drupal access bypass vulnerability was made public. MITRE assigned CVE-2019-6342 to this critical vulnerability. This is post to document the steps I took to create a PoC for SA-CORE-2019-008. Last such post on this blog was...
DRUPAL-CORE-2019-008
In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not...