CVE-2016-6211 – drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=7.0 <7.44

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01181 pctl0.77964

Details

Drupal Saving user accounts can sometimes grant the user all roles The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

Metadata

Created: 2022-05-17T03:39:45Z
Modified: 2024-04-23T17:18:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-frqf-9qr4-6vxf/GHSA-frqf-9qr4-6vxf.json
CWE IDs: ["CWE-269"]
Alternative ID: GHSA-frqf-9qr4-6vxf
Finding: F159
Auto approve: 1