Critical Access Bypass Vulnerability in Drupal 8 RESTful Web Services

Critical Access Bypass Vulnerability in Drupal 8 RESTful Web Services

CVE-2017-6919 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Learn more about our Web App Pen Testing.