Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6921

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Published

2019-01-15T21:29:00.243

Last Modified

2024-11-21T03:30:48.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	drupal	drupal	< 8.3.4	Yes

References

http://www.securityfocus.com/bid/99222 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038781 Third Party Advisory, VDB Entry ([email protected])
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/99222 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038781 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)