Short Name | HTTP:DRUPAL-INFO-DISCLOSURE |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Drupal Core system.temporary Information Disclosure |
Release Date | 2016/10/06 |
Update Number | 2784 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

An information disclosure vulnerability has been reported in Drupal Core. Successful exploitation could result in the disclosure of sensitive information.
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.