CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2016-7572 — MEDIUM severity vulnerability | Release Alert
CVE-2016-7572
4
MEDIUMCVSS v2
Published
October 3, 2016
Affected
3 projects
Assigned by
MITRE
Severity scale
010
Description
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
GitHubVerbatim mirror of the git.drupal.org repository for Drupal core. Please see the https://github.com/drupal/drupal#contributing. PRs are not accepted on GitHub.