CVE-2016-7570

Sažetak

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

Reference

http://www.securityfocus.com/bid/93101
http://www.securitytracker.com/id/1036886
https://www.drupal.org/SA-CORE-2016-004

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

04-10-2016 - 17:42

Objavljeno

03-10-2016 - 18:59