Insufficient Access Control in Drupal 8.x before 8.1.10
CVE-2016-7572 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Learn more about our User Device Pen Test.