Main Vulnerability Database Vulnerabilities #VU10699

#VU10699 Information disclosure in Drupal - CVE-2017-6926

Published: February 22, 2018 / Updated: March 23, 2018

Vulnerability identifier: #VU10699

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6926

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Drupal

Software vendor:
Drupal

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists improper permissions controls in the comment system. A remote attacker permission to post comments can view content and comments he doesn't have access to, and is also able to add comments to this content.

Remediation

Update to version 8.4.5.

External links

https://www.drupal.org/sa-core-2018-001

#VU10699 Information disclosure in Drupal - CVE-2017-6926

Description

Remediation

External links

Please verify you're human