Published: 22/01/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

In Drupal core 8.x before 8.3.4 and Drupal core 7.x before 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal
debian debian linux 8.0
debian debian linux 9.0

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading t ...

CWE-552 https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple https://www.debian.org/security/2017/dsa-3897 http://www.securitytracker.com/id/1038781 http://www.securityfocus.com/bid/99219 https://nvd.nist.gov https://www.debian.org/security/./dsa-3897

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6922

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect