CVE-2019-6342

7 documents5 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 57.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Core Drupal Drupal Core Drupal Drupal

Timeline

PublishedMay 28

Latest updateJan 11

Description

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Packagistdrupal/core8.7.4 — 8.7.5

▶CVEListV5drupal/drupal_coreDrupal 8 8.7.4

▶NVDdrupal/drupal8.7.4

🔴Vulnerability Details

OSV

Drupal Improper Access Control↗2024-01-11

▶

CVEList

Drupal core - Critical - Access bypass - SA-CORE-2019-008↗2020-05-28

▶

OSV

CVE-2019-6342: An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled↗2020-05-28

▶

OSV

CVE-2019-6342: In Drupal 8↗2019-07-17

▶

📋Vendor Advisories

Drupal

Drupal core - Critical - Access bypass - SA-CORE-2019-008↗2019-07-17

▶

💬Community

Bugzilla

CVE-2019-6342 drupal: in Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created↗2019-07-23

▶