In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2019-01-15T17:00:00

Updated: 2024-08-05T15:49:01.370Z

Reserved: 2017-03-16T00:00:00

Link: CVE-2017-6925

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-15T17:29:00.210

Modified: 2024-11-21T03:30:49.420

Link: CVE-2017-6925

cve-icon Redhat

No data.