Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Linux

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

CVE-2016-7570

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...

CVE-2016-7570

Vulnerability: Drupal 8.x before 8.1.10 exposes a permissions check flaw where users with node-edit rights can alter the visibility of comments on arbitrary nodes. Root cause: improper verification of the Administer comments permission. Impact: authenticated remote attackers could manipulate comm...

CVE-2016-7570

Removed by vendor...

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...