Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: drupal
Published: 2017-04-20T02:43:00
Updated: 2024-08-05T15:49:02.380Z
Reserved: 2017-03-16T00:00:00
Link: CVE-2017-6919
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-04-20T02:59:00.143
Modified: 2024-11-21T03:30:48.660
Link: CVE-2017-6919
Redhat
No data.