CVE-2017-6925

{"id": "CVE-2017-6925", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-01-15T17:29:00.210", "references": [{"url": "http://www.securityfocus.com/bid/100368", "tags": ["Third Party Advisory", "VDB Entry"], "source": "mlhess@drupal.org"}, {"url": "http://www.securitytracker.com/id/1039200", "tags": ["Third Party Advisory", "VDB Entry"], "source": "mlhess@drupal.org"}, {"url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple", "tags": ["Mitigation", "Vendor Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity."}, {"lang": "es", "value": "En versiones de Drupal 8 core anteriores a la 8.3.7, hay una vulnerabilidad en el sistema de acceso de entidades que podr\u00eda permitir el acceso no deseado para visualizar, crear, actualizar o eliminar entidades. Esto solo afecta a las entidades que no emplean o no poseen UUID, as\u00ed como a las entidades que tienen diferentes restricciones de acceso en diferentes revisiones de la misma entidad."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FBCD6DA-4FA4-449D-BF4F-4B24C9E4AFA3", "versionEndExcluding": "8.3.7", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}