CVE-2017-6377

Summary

When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.

Affected Software

VendorProductVersion RangeStatus
DrupalDrupal Core8.2.x versions before 8.2.7affected

Weaknesses

  • Access Bypass

ADP Enrichment

CVE Program Container

Additional References

References