When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2017-03-16T14:00:00

Updated: 2024-08-05T15:25:49.267Z

Reserved: 2017-02-28T00:00:00

Link: CVE-2017-6377

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-03-16T14:59:00.237

Modified: 2024-11-21T03:29:38.943

Link: CVE-2017-6377

cve-icon Redhat

No data.