Trending CVEs for the Week of July 22nd, 2019

CVE-2019-6342 – Drupal Core Access Bypass Vulnerability

Description 

According to its self-reported version, in Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. 

Affected Products

  • Drupal 8.7.4

Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not affected

Exploitation and Risk

Currently, we are not aware of any working exploits.

Fixes

Upgrade to Drupal version 8.7.5 or later.

References

Drupal Security advisories