CVE-2017-6379
Description
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CWE
- (none)
Affected
- Drupal / Drupal Core — v=8.2.x versions before 8.2.7 [affected]
CVSS
- (none)
References
- http://www.securitytracker.com/id/1038058 vdb-entry, x_refsource_SECTRACK
- https://www.drupal.org/SA-2017-001 x_refsource_CONFIRM
- http://www.securityfocus.com/bid/96919 vdb-entry, x_refsource_BID
Source
cvelistV5-main/cves/2017/6xxx/CVE-2017-6379.json