Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2017-6919

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

  • Published: Apr 20, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-6919
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
drupal / drupal 8.2.5 8.2.5.x
drupal / drupal 8.0.0-alpha9 8.0.0-alpha9.x
drupal / drupal 8.2.0 8.2.0.x
drupal / drupal 8.2.0-beta3 8.2.0-beta3.x
drupal / drupal 8.2.3 8.2.3.x
drupal / drupal 8.0.0-beta12 8.0.0-beta12.x
drupal / drupal 8.0.0-beta15 8.0.0-beta15.x
drupal / drupal 8.3.0 8.3.0.x
drupal / drupal 8.1.0-rc1 8.1.0-rc1.x
drupal / drupal 8.0.0-beta3 8.0.0-beta3.x
drupal / drupal 8.0.0-alpha11 8.0.0-alpha11.x
drupal / drupal 8.0.0-rc1 8.0.0-rc1.x
drupal / drupal 8.0.0-beta16 8.0.0-beta16.x
drupal / drupal 8.0.0-alpha4 8.0.0-alpha4.x
drupal / drupal 8.1.2 8.1.2.x
drupal / drupal 8.1.6 8.1.6.x
drupal / drupal 8.0.0-alpha3 8.0.0-alpha3.x
drupal / drupal 8.0.0-alpha2 8.0.0-alpha2.x
drupal / drupal 8.0.0-beta4 8.0.0-beta4.x
drupal / drupal 8.2.0-rc1 8.2.0-rc1.x
drupal / drupal 8.0.0-alpha6 8.0.0-alpha6.x
drupal / drupal 8.2.0-beta2 8.2.0-beta2.x
drupal / drupal 8.3.0-alpha1 8.3.0-alpha1.x
drupal / drupal 8.1.8 8.1.8.x
drupal / drupal 8.0.0-beta11 8.0.0-beta11.x
drupal / drupal 8.1.9 8.1.9.x
drupal / drupal 8.1.5 8.1.5.x
drupal / drupal 8.1.10 8.1.10.x
drupal / drupal 8.0.4 8.0.4.x
drupal / drupal 8.0.0-rc4 8.0.0-rc4.x
drupal / drupal 8.0.5 8.0.5.x
drupal / drupal 8.0.0-beta6 8.0.0-beta6.x
drupal / drupal 8.3.0-beta1 8.3.0-beta1.x
drupal / drupal 8.2.7 8.2.7.x
drupal / drupal 8.0.0-alpha15 8.0.0-alpha15.x
drupal / drupal 8.1.0-beta1 8.1.0-beta1.x
drupal / drupal 8.0.0-beta7 8.0.0-beta7.x
drupal / drupal 8.2.0-rc2 8.2.0-rc2.x
drupal / drupal 8.0.0-alpha12 8.0.0-alpha12.x
drupal / drupal 8.1.3 8.1.3.x
drupal / drupal 8.0.2 8.0.2.x
drupal / drupal 8.0.3 8.0.3.x
drupal / drupal 8.0.0-beta2 8.0.0-beta2.x
drupal / drupal 8.0.0-alpha14 8.0.0-alpha14.x
drupal / drupal 8.2.4 8.2.4.x
drupal / drupal 8.0.0-beta13 8.0.0-beta13.x
drupal / drupal 8.0.0-alpha7 8.0.0-alpha7.x
drupal / drupal 8.1.0-beta2 8.1.0-beta2.x
drupal / drupal 8.3.0-rc1 8.3.0-rc1.x
drupal / drupal 8.0.0-beta10 8.0.0-beta10.x
drupal / drupal 8.2.6 8.2.6.x
drupal / drupal 8.1.0 8.1.0.x
drupal / drupal 8.0.0-alpha13 8.0.0-alpha13.x
drupal / drupal 8.0.0-alpha10 8.0.0-alpha10.x
drupal / drupal 8.0.0-beta1 8.0.0-beta1.x
drupal / drupal 8.1.7 8.1.7.x
drupal / drupal 8.0.0-alpha8 8.0.0-alpha8.x
drupal / drupal 8.0.0-rc2 8.0.0-rc2.x
drupal / drupal 8.2.1 8.2.1.x
drupal / drupal 8.3.0-rc2 8.3.0-rc2.x
drupal / drupal 8.0.1 8.0.1.x
drupal / drupal 8.1.1 8.1.1.x
drupal / drupal 8.1.4 8.1.4.x
drupal / drupal 8.0.6 8.0.6.x
drupal / drupal 8.0.0-rc3 8.0.0-rc3.x
drupal / drupal 8.2.2 8.2.2.x
drupal / drupal 8.0.0-alpha5 8.0.0-alpha5.x
drupal / drupal 8.2.0-beta1 8.2.0-beta1.x
drupal / drupal 8.0.0-beta9 8.0.0-beta9.x
drupal / drupal 8.0.0-beta14 8.0.0-beta14.x
drupal / drupal 8.0.0 8.0.0.x