CVE Vulnerabilities

CVE-2016-7570

Published: Oct 03, 2016 | Modified: Oct 04, 2016
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Drupal 8.x before 8.1.10 does not properly check for Administer comments permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.0 8.1.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.2 8.1.2
Drupal Drupal 8.1.6 8.1.6
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.8 8.1.8
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.9 8.1.9
Drupal Drupal 8.1.5 8.1.5
Drupal Drupal 8.0.4 8.0.4
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.5 8.0.5
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.0 8.1.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.3 8.1.3
Drupal Drupal 8.0.2 8.0.2
Drupal Drupal 8.0.3 8.0.3
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.0 8.1.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.0 8.1.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.1.7 8.1.7
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.1 8.0.1
Drupal Drupal 8.1.1 8.1.1
Drupal Drupal 8.1.4 8.1.4
Drupal Drupal 8.0.6 8.0.6
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0
Drupal Drupal 8.0.0 8.0.0

References