Description

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Remediation

References

CVE-2019-6342

Related Vulnerabilities

WordPress Plugin Locations Cross-Site Request Forgery (3.2.1)

Oracle Database Server CVE-2014-6452 Vulnerability (CVE-2014-6452)

Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146)

WordPress Plugin 360 Product Rotation Arbitrary File Upload (1.2.4)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.6)

Severity

Critical

Classification

CVE-2019-6342 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities