CVE-2019-6342
published 2020-05-28CVE-2019-6342: An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces…
PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.60%
72.7th percentile
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 8.7.4 < 8.7.5 | 8.7.5 |
| drupal | drupal | — | — |
| drupal | drupal_core | — | — |
| drupal | drupal_core | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Drupal Improper Access Control
osv·2024-01-11
CVE-2019-6342 [CRITICAL] Drupal Improper Access Control
Drupal Improper Access Control
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
OSV
CVE-2019-6342: An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled
osv·2020-05-28·CVSS 9.8
CVE-2019-6342 [CRITICAL] CVE-2019-6342: An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
OSV
CVE-2019-6342: In Drupal 8
osv·2019-07-17
CVE-2019-6342 CVE-2019-6342: In Drupal 8
In Drupal 8.7.4, when the [experimental](https://www.drupal.org/core/experimental#beta) Workspaces module is enabled, an access bypass condition is created.
This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are **not** affected.
Drupal
Drupal core - Critical - Access bypass - SA-CORE-2019-008
vendor_drupal·2019-07-17
CVE-2019-6342 [HIGH] Drupal core - Critical - Access bypass - SA-CORE-2019-008
Title: Drupal core - Critical - Access bypass - SA-CORE-2019-008
Vulnerability Type: Access bypass
Description: In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not affected.
Solution: If the site is running Drupal 8.7.4, upgrade to Drupal 8.7.5. Note, manual step needed. For sites with the Workspaces module enabled, update.php needs to run to ensure a required cache clear. If there is a reverse proxy cache or content delivery network (e.g. Varnish, CloudFlare) it is also advisable to clear these as well.
No detection rules found.
No public exploits indexed.
2020-05-28
Published