CVE-2017-6922

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

En Drupal core, en las versiones 8.x anteriores a la 8.3.4 y en las 7.x anteriores a la 7.56, los archivos privados subidos por un usuario anónimo que no estén conectados al contenido del sitio deberían ser visibles solo para el mismo usuario anónimo que los subió, en lugar de todos los usuarios anónimos. Anteriormente, Drupal core no disponía de esta protección, permitiendo que ocurriera una vulnerabilidad de omisión de acceso. Este problema se mitiga por el hecho de que, para que se vea afectado, el sitio deberá permitir a los usuarios anónimos subir archivos a un sistema de archivos privado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-16 CVE Reserved
2019-01-22 CVE Published
2024-08-17 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-552: Files or Directories Accessible to External Parties

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/99219	Third Party Advisory
http://www.securitytracker.com/id/1038781	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple	2023-11-07

URL	Date	SRC
https://www.debian.org/security/2017/dsa-3897	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Drupal Search vendor "Drupal"		Drupal Search vendor "Drupal" for product "Drupal"				>= 7.0 < 7.56 Search vendor "Drupal" for product "Drupal" and version " >= 7.0 < 7.56"		-		Affected
Drupal Search vendor "Drupal"		Drupal Search vendor "Drupal" for product "Drupal"				>= 8.0.0 < 8.3.4 Search vendor "Drupal" for product "Drupal" and version " >= 8.0.0 < 8.3.4"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected