Security restrictions bypass in Drupal - CVE-2017-6924
Published: August 16, 2017
Vulnerability identifier: #VU7962
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6924
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to views.
The vulnerability exists due to a design error within the RESTful Web Services (rest) module. A remote unauthenticated attacker can use REST API functionality to publish comments without approval.
Successful exploitation of the vulnerability may allow an attacker to post unauthorized comments.
How to mitigate CVE-2017-6924
Update to version 8.3.7.