When adding a private file via the editor in Drupal 8.2.x prior to 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 8.2.0 |
||
drupal drupal 8.2.4 |
||
drupal drupal 8.2.5 |
||
drupal drupal 8.2.2 |
||
drupal drupal 8.2.3 |
||
drupal drupal 8.2.6 |
||
drupal drupal 8.2.1 |