CVE-2017-6925
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
Known Affected Software
35 configuration(s) from 1 vendor(s)
drupal
Version:
8.0
CPE:
cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*
drupal
Version:
8.2.2
CPE:
cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*
drupal
Version:
8.1.10
CPE:
cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*
drupal
Version:
8.0.0
CPE:
cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*
drupal
Version:
8.1.4
CPE:
cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*
drupal
Version:
8.1.2
CPE:
cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*
drupal
Version:
8.0.3
CPE:
cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*
drupal
Version:
8.0.2
CPE:
cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*
drupal
Version:
8.0.1
CPE:
cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*
drupal
Version:
8.2.5
CPE:
cpe:2.3:a:drupal:drupal:8.2.5:*:*:*:*:*:*:*
drupal
Version:
8.1.3
CPE:
cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*
drupal
Version:
8.2.0
CPE:
cpe:2.3:a:drupal:drupal:8.2.0:-:*:*:*:*:*:*
drupal
Version:
8.1.7
CPE:
cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*
drupal
Version:
8.2.1
CPE:
cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*
drupal
Version:
8.3.6
CPE:
cpe:2.3:a:drupal:drupal:8.3.6:*:*:*:*:*:*:*
drupal
Version:
8.1.5
CPE:
cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*
drupal
Version:
8.0.4
CPE:
cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*
drupal
Version:
8.1.0
CPE:
cpe:2.3:a:drupal:drupal:8.1.0:-:*:*:*:*:*:*
drupal
Version:
8.1.8
CPE:
cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*
drupal
Version:
8.0.5
CPE:
cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*
drupal
Version:
8.0.6
CPE:
cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*
drupal
Version:
8.3.5
CPE:
cpe:2.3:a:drupal:drupal:8.3.5:*:*:*:*:*:*:*
drupal
Version:
8.2.7
CPE:
cpe:2.3:a:drupal:drupal:8.2.7:*:*:*:*:*:*:*
drupal
Version:
8.1.9
CPE:
cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*
drupal
Version:
8.2.3
CPE:
cpe:2.3:a:drupal:drupal:8.2.3:*:*:*:*:*:*:*
drupal
Version:
8.2.4
CPE:
cpe:2.3:a:drupal:drupal:8.2.4:*:*:*:*:*:*:*
drupal
Version:
8.3.3
CPE:
cpe:2.3:a:drupal:drupal:8.3.3:*:*:*:*:*:*:*
drupal
Version:
8.2.6
CPE:
cpe:2.3:a:drupal:drupal:8.2.6:*:*:*:*:*:*:*
drupal
Version:
8.3.2
CPE:
cpe:2.3:a:drupal:drupal:8.3.2:*:*:*:*:*:*:*
drupal
Version:
8.2.8
CPE:
cpe:2.3:a:drupal:drupal:8.2.8:*:*:*:*:*:*:*
drupal
Version:
8.3.0
CPE:
cpe:2.3:a:drupal:drupal:8.3.0:-:*:*:*:*:*:*
drupal
Version:
8.3.1
CPE:
cpe:2.3:a:drupal:drupal:8.3.1:*:*:*:*:*:*:*
drupal
Version:
8.3.4
CPE:
cpe:2.3:a:drupal:drupal:8.3.4:*:*:*:*:*:*:*
drupal
Version:
8.1.1
CPE:
cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*
drupal
Version:
8.1.6
CPE:
cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*
This vulnerability affects 35 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://www.securityfocus.com/bid/100368mlhess@drupal.org Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1039200mlhess@drupal.org Third Party Advisory VDB Entry
-
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiplemlhess@drupal.org Mitigation Vendor Advisory
-
http://www.securityfocus.com/bid/100368af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1039200af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multipleaf854a3a-2127-422b-91ae-364da2661108 Mitigation Vendor Advisory
Severity Details
out of 10.0
Low
Key Information
- Published Date
- January 15, 2019
