When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: drupal
Published: 2017-03-16T14:00:00
Updated: 2024-08-05T15:25:49.267Z
Reserved: 2017-02-28T00:00:00
Link: CVE-2017-6377
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-03-16T14:59:00.237
Modified: 2024-11-21T03:29:38.943
Link: CVE-2017-6377
Redhat
No data.