vulnerability

Drupal: CVE-2017-6925: Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jan 16, 2018	Jan 16, 2018	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jan 16, 2018

Added

Jan 16, 2018

Modified

Nov 27, 2024

Description

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Solution

drupal-upgrade-8_3_7

References

CVE-2017-6925
https://attackerkb.com/topics/CVE-2017-6925
URL-https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today