vulnerability

Drupal: CVE-2017-6924: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	2018-01-16	2018-01-16	2024-11-27

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

2018-01-16

Added

2018-01-16

Modified

2024-11-27

Description

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Solution

drupal-upgrade-8_3_7

References

CVE-2017-6924
https://attackerkb.com/topics/CVE-2017-6924
URL-https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today