Lucene search
GoogleOSV:CVE-2017-6923HistoryJan 22, 2019 - 3:29 p.m.
CVE-2017-6923
2019-01-2215:29:00
Google
osv.dev
4
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
Related
friendsofphp
friendsofphp
Views does not properly restrict access to the Ajax endpoint.
2017-08-16 17:10:35
Views does not properly restrict access to the Ajax endpoint.
2017-08-16 17:10:35
github
github
Missing Authorization in Drupal
2019-10-10 19:31:31
nvd
nvd
CVE-2017-6923
2019-01-22 15:29:00
cve
cve
CVE-2017-6923
2019-01-22 16:00:00
cvelist
cvelist
CVE-2017-6923 Access bypass in Drupal 8 views
2019-01-22 16:00:00
veracode
veracode
Access Bypass
2017-10-26 05:29:01
osv
osv
Missing Authorization in Drupal
2019-10-10 19:31:31
prion
prion
Code injection
2019-01-22 15:29:00
nessus
nessus
Fedora 25 : drupal8 (2017-902970c18f)
2017-09-11 00:00:00
Drupal 8.x < 8.3.7 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-004) - Linux
2017-08-17 00:00:00
Fedora Update for drupal8 FEDORA-2017-902970c18f
2017-09-09 00:00:00
Fedora Update for drupal8 FEDORA-2017-0fbd57c134
2017-09-09 00:00:00
threatpost
threatpost
Drupal Patches Critical Access Bypass Bug
2017-08-17 15:50:33
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.7-1.fc26
2017-09-08 16:22:14
[SECURITY] Fedora 25 Update: drupal8-8.3.7-1.fc25
2017-09-08 21:21:26
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-08-16 00:00:00
ibm
ibm