CVE-2016-7572

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7572
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7572.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7572
Aliases
Published
2016-10-03T18:59:18Z
Modified
2024-09-03T01:29:05.333127Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
079a52b45df32b8aa82d1eb0c57bd97d1e065f57
Last affected
09dbe27efa2b6f255b804168711166bd3f8b6d4e
Last affected
13692d3b92b2d4ddd93b0ddf0a4c4d97b37e68a8
Last affected
15ddad3bf498b0e8bdfe7724e1dbaf653c2d7885
Last affected
19b32a3ab40e8c89495ee260e46a5e8375ad3756
Last affected
1db8df63020cb020ed13a9793669f6e435f64334
Last affected
260d019e286d36f7d2b4fb5b3d62723a9ee81840
Last affected
2b08ba7c1c7afb76c1e3d54e533ab631c5a0ba67
Last affected
2d64433829033660b87a1a1d054b3899a18addba
Last affected
30115b418e854f4df5b94a1667d3ade55cfb9471
Last affected
305b2f38da238705a10e543994808ce29dbdbbc0
Last affected
32801642fc1bc9f4a9942ce90e9b3669e74d16b3
Last affected
35c2f3ca5c935f3d8bde15932a712677c9bbd50f
Last affected
3f7404935955cd2a63023e77a07c4231ad5ff62a
Last affected
48786c6ee658f4ef4275962331d406ab186dd6f0
Last affected
4f05b98429b58c93fec1a8222956851f03a6c4ac
Last affected
5249c53ef0c3a715bc46bb568c91470ed0374996
Last affected
598ccc572506256a13c6b3eb978b348f0dee3c6b
Last affected
5a19562de5b1a8a056bc33c467d806073c4ac085
Last affected
5bf651dabf88766a588adf3c34a7ee2fa1ab4016
Last affected
5e60a2770329300866319aac1ab465159688d319
Last affected
6204be67bb3c1a0b64991770c27b62dbadb15007
Last affected
647bfab79e6ee1fddb339c50152315e479d4fe8f
Last affected
64de978a08663904ba8231f20d2f26c8f5a135e8
Last affected
70378b5c5dd7c99f56f7e3f36cffcd33d46644c6
Last affected
766daeb0449588db7207606c22bcf7b59d1f6f9b
Last affected
8bd13242c06ad307c72500b17c38cf325de424a0
Last affected
9b7ead2e45935bc1dadfe74490b8cbefa54f433a
Last affected
a87557fde744444c0f7f5344d4f82b721a65717e
Last affected
b101f904648a70822b87427007b6228c3824e0ae
Last affected
b7390caeeec23886c4b8d91f8952c35c034cd41f
Last affected
c0d600fe2ce507f28e91acc51d7f63be28521536
Last affected
c24c1c7694c3970213e758a7198bc4e4a9c485f8
Last affected
c3f5245f1c98a8a1cf119c977db05488e0a32074
Last affected
d918ae1ecc4e0fb86ae9296da1a39f02bd36cde4
Last affected
e15ebedc4c6afdab87c1ffd7cb1f5ca462aafe87
Last affected
f1def1199d3e73144d8931b30ebef7d2d82526cb
Last affected
f25feddd5ca56e6155e26e52667ab4fef87bb19d
Last affected
f7e125ce37fbf52b9581c2f9fade7ff33267bb42
Last affected
fc345ab700c4d00eb5d1f5000700bc534feb49c6

Affected versions

1.*

1.0

2.*

2.0

3.*

3.0.1

5.*

5.0-beta-1
5.0-beta-2
5.0-rc-1
5.0-rc-2

6.*

6.0-beta-1
6.0-beta-2
6.0-beta-3
6.0-beta-4
6.0-rc-1
6.0-rc-2
6.0-rc-3

7.*

7.0
7.0-alpha1
7.0-alpha2
7.0-alpha3
7.0-alpha4
7.0-alpha5
7.0-alpha6
7.0-alpha7
7.0-beta1
7.0-beta2
7.0-beta3
7.0-rc-1
7.0-rc-2
7.0-rc-3
7.0-rc-4
7.0-unstable-1
7.0-unstable-10
7.0-unstable-2
7.0-unstable-3
7.0-unstable-4
7.0-unstable-5
7.0-unstable-6
7.0-unstable-7

8.*

8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9

Other

start