cnvd - cnvd-2017-13903

CNVD-2017-13903

Vulnerability from cnvd - Published: 2017-07-12

Title

Drupal安全绕过漏洞（CNVD-2017-13903）

Description

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal 8.3.4之前的8.x版本中存在安全绕过漏洞。攻击者可利用该漏洞绕过安全限制，执行未授权的访问。

Severity

中

Patch Name

Drupal安全绕过漏洞（CNVD-2017-13903）的补丁

Patch Description

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal 8.3.4之前的8.x版本中存在安全绕过漏洞。攻击者可利用该漏洞绕过安全限制，执行未授权的访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.drupal.org/SA-CORE-2017-003

Reference

http://www.securityfocus.com/bid/99222

Impacted products

Name
Drupal Drupal 8.*< 8.3.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99222"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6921"
    }
  },
  "description": "Drupal\u662fDrupal\u793e\u533a\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal 8.3.4\u4e4b\u524d\u76848.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u8bbf\u95ee\u3002",
  "discovererName": "Samuel Mortenson",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.drupal.org/SA-CORE-2017-003",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13903",
  "openTime": "2017-07-12",
  "patchDescription": "Drupal\u662fDrupal\u793e\u533a\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nDrupal 8.3.4\u4e4b\u524d\u76848.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Drupal\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-13903\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Drupal Drupal  8.*\u003c 8.3.4"
  },
  "referenceLink": "http://www.securityfocus.com/bid/99222",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-23",
  "title": "Drupal\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-13903\uff09"
}

CVE-2017-6921 (GCVE-0-2017-6921)

Vulnerability from cvelistv5 – Published: 2019-01-15 22:00 – Updated: 2024-09-16 19:47

Summary

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Severity ?

No CVSS data available.

CWE

Access Bypass

Assigner

drupal

References

URL

Tags

	http://www.securityfocus.com/bid/99222	vdb-entryx_refsource_BID
	https://www.drupal.org/forum/newsletters/security…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038781	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Drupal	Drupal Core	Affected: Drupal 8 , < 8.3.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:49:01.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
          },
          {
            "name": "1038781",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038781"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drupal Core",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "8.3.4",
              "status": "affected",
              "version": "Drupal 8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Access Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-16T10:57:01",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "name": "99222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
        },
        {
          "name": "1038781",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038781"
        }
      ],
      "source": {
        "advisory": "SA-CORE-2017-003",
        "discovery": "UNKNOWN"
      },
      "title": "File REST resource does not properly validate",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@drupal.org",
          "DATE_PUBLIC": "",
          "ID": "CVE-2017-6921",
          "STATE": "PUBLIC",
          "TITLE": "File REST resource does not properly validate"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drupal Core",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "Drupal 8",
                            "version_value": "8.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Drupal"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource."
            }
          ]
        },
        "exploit": [],
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Access Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99222"
            },
            {
              "name": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
            },
            {
              "name": "1038781",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038781"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "SA-CORE-2017-003",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2017-6921",
    "datePublished": "2019-01-15T22:00:00Z",
    "dateReserved": "2017-03-16T00:00:00",
    "dateUpdated": "2024-09-16T19:47:08.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-13903

CVE-2017-6921 (GCVE-0-2017-6921)

Tags

Sightings

Nomenclature