7 matches found
CVE-2017-6923
CVE-2017-6923, CVE-2017-6924, and CVE-2017-6925 describe Drupal 8.x vulnerabilities prior to 8.3.7 affecting Ajax endpoint access control, REST API comment posting, and entity access restrictions, respectively. The issues are documented under SA-CORE-2017-004 and are fixed in Drupal 8.3.7. Affect...
Fedora Update for drupal8 FEDORA-2018-922cc2fbaa
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 26 : drupal8 (2017-0fbd57c134)
8.3.7 - SA-CORE-2017-004 CVE-2017-6923, CVE-2017-6924, CVE-2017-6925 - 8.3.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 25 : drupal8 (2017-902970c18f)
8.3.7 - SA-CORE-2017-004 CVE-2017-6923, CVE-2017-6924, CVE-2017-6925 - 8.3.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for drupal8 FEDORA-2017-0fbd57c134
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
Drupal Patches Critical Access Bypass Bug
Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...