CVE-2016-7570

Published: 3 October 2016

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package   Release    Status

drupal6   (Launchpad, Ubuntu, Debian)
          artful     Does not exist
          precise    Does not exist (precise was needed)
          trusty     Does not exist
          upstream   Needs triage
          xenial     Does not exist
          yakkety    Does not exist
          zesty      Does not exist

drupal7   (Launchpad, Ubuntu, Debian)
          artful     Not vulnerable
          precise    Does not exist (precise was needed)
          trusty     Does not exist (trusty was not-affected)
          upstream   Needs triage
          xenial     Not vulnerable
          yakkety    Ignored (reached end-of-life)
          zesty      Not vulnerable