Description
This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met:
- The site has the RESTful Web Services (`rest`) module enabled.
- The site allows `PATCH` requests.
- An attacker can get or register a user account on the site.
While we don't normally provide security releases for unsupported minor releases, given the potential severity of this issue, we have also provided an 8.2.x release to ensure that sites that have not had a chance to update to 8.3.0 can update safely.
CVE identifier(s) issued
- CVE-2017-6919
Versions affected
- Drupal 8 prior to 8.2.8 and 8.3.1.
- Drupal 7.x is not affected.
Solution
- If the site is running Drupal 8.2.7 or earlier, upgrade to 8.2.8.
- If the site is running Drupal 8.3.0, upgrade to 8.3.1.
Also see the Drupal core project page.
Reported by
Fixed by
- Alex Pott of the Drupal Security Team
- xjm of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Wim Leers
- Sascha Grossenbacher
- Daniel Wehner
- Tobias Stöckler
- Nathaniel Catchpole of the Drupal Security Team