Description
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.