Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-6923

UNKNOWN
Published 2019-01-22T16:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-6923. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Drupal

Drupal core

Affected Versions:

8.x

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Missing Authorization in Drupal

GHSA-v3f6-f29f-rgvp

Advisory Details

In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.

Affected Packages

Packagist drupal/core
ECOSYSTEM: ≥8.0 <8.3.7
Packagist drupal/drupal
ECOSYSTEM: ≥8.0 <8.3.7

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-6923
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml
WEB https://www.drupal.org/SA-CORE-2017-004
WEB https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
WEB http://www.securityfocus.com/bid/100368
WEB http://www.securitytracker.com/id/1039200

Advisory provided by GitHub Security Advisory Database. Published: October 10, 2019, Modified: August 18, 2021

References

http://www.securityfocus.com/bid/100368
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
http://www.securitytracker.com/id/1039200
Published: 2019-01-22T16:00:00Z
Last Modified: 2024-09-16T17:42:46.607Z
Copied to clipboard!