In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: drupal
Published: 2019-01-15T17:00:00
Updated: 2024-08-05T15:49:01.370Z
Reserved: 2017-03-16T00:00:00
Link: CVE-2017-6925
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-01-15T17:29:00.210
Modified: 2024-11-21T03:30:49.420
Link: CVE-2017-6925
Redhat
No data.