CVE-2017-6925

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-6925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-6925

Aliases

GHSA-f4qx-jqfq-7785

Published

2019-01-15T17:29:00Z

Modified

2024-09-03T01:55:20.471383Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Fixed

d86c3b65ee89ad7a2b4e53aafcff12a185aa749b

Affected versions

8.*

8.0.0

8.1.0-beta1

8.3.0

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6