CVE-2017-6926
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
Known Affected Software
5 configuration(s) from 1 vendor(s)
drupal
Version:
8.4.2
CPE:
cpe:2.3:a:drupal:drupal:8.4.2:*:*:*:*:*:*:*
drupal
Version:
8.4.3
CPE:
cpe:2.3:a:drupal:drupal:8.4.3:*:*:*:*:*:*:*
drupal
Version:
8.4.1
CPE:
cpe:2.3:a:drupal:drupal:8.4.1:*:*:*:*:*:*:*
drupal
Version:
8.4.4
CPE:
cpe:2.3:a:drupal:drupal:8.4.4:*:*:*:*:*:*:*
drupal
Version:
8.4.0
CPE:
cpe:2.3:a:drupal:drupal:8.4.0:-:*:*:*:*:*:*
This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- Description
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Class
Key Information
- Published Date
- March 01, 2018
