Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2017-04-20T02:43:00

Updated: 2024-08-05T15:49:02.380Z

Reserved: 2017-03-16T00:00:00

Link: CVE-2017-6919

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-04-20T02:59:00.143

Modified: 2024-11-21T03:30:48.660

Link: CVE-2017-6919

cve-icon Redhat

No data.