4 matches found
CVE-2022-25274
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
Drupal Entity Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in version 8.x of Drupal Entity prior to 8.3.7. An attacker can exploit this vulnerability to bypass security restrictions and perfor...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...