CVE-2017-6377

State: PUBLISHED · Published: 2017-03-16 · Updated: 2024-08-05 · Assigner: drupal

Description

When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.

CWE

(none)

Affected

Drupal / Drupal Core — v=8.2.x versions before 8.2.7 [affected]

CVSS

(none)

References

http://www.securitytracker.com/id/1038058 vdb-entry, x_refsource_SECTRACK
https://www.drupal.org/SA-2017-001 x_refsource_CONFIRM
http://www.securityfocus.com/bid/96919 vdb-entry, x_refsource_BID

Source

cvelistV5-main/cves/2017/6xxx/CVE-2017-6377.json