CVE-2016-7572 drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=8.0 <8.1.10

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00253 (percentile: 0.4849)

Details

Drupal Unprivileged access to config export

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.

Metadata

Created: 2022-05-17T03:47:57Z
Modified: 2024-04-23T22:17:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fmqh-2j2x-vgp3/GHSA-fmqh-2j2x-vgp3.json
CWE IDs: []
Alternative ID: GHSA-fmqh-2j2x-vgp3
Finding: F039
Auto approve: 1