SB2016091607 - Access bypass in Drupal Drupal
Published: September 16, 2016
Security Bulletin ID
SB2016091607
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Access bypass (CVE-ID: N/A)
The vulnerability allows a user to get access to his session on Drupal site.The weakness is caused by access control error and allows a blocked user to maintain his session still being blocked.
Successful exploitation of the vunerability results in gaining access to the session on Drupal site by blocked user.
Remediation
Install update from vendor's website.