CVE-2017-6919

CVE-2017-6919

EPSS 1.6%

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.drupal.org/SA-CORE-2017-002 http://www.securityfocus.com/bid/97941 http://www.securitytracker.com/id/1038371