CVE-2019-6342

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.drupal.org/sa-core-2019-008	Vendor Advisory
https://www.drupal.org/sa-core-2019-008	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:drupal:drupal:8.7.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-28 21:15

Updated : 2024-11-21 04:46

NVD link : CVE-2019-6342

Mitre link : CVE-2019-6342

CVE.ORG link : CVE-2019-6342

JSON object : View

Products Affected

drupal

drupal

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-6342", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-05-28T21:15:11.373", "references": [{"url": "https://www.drupal.org/sa-core-2019-008", "tags": ["Vendor Advisory"], "source": "mlhess@drupal.org"}, {"url": "https://www.drupal.org/sa-core-2019-008", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de omisi\u00f3n de acceso cuando el m\u00f3dulo de Workspaces experimental en el core de Drupal versi\u00f3n 8 est\u00e1 habilitado. Esto puede mitigarse deshabilitando el m\u00f3dulo Workspaces. No afecta a ninguna versi\u00f3n que no sea Drupal versi\u00f3n 8.7.4."}], "lastModified": "2024-11-21T04:46:26.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:8.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "502B1D64-02ED-410D-863B-4DCAF1E4C800"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}