CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
drupaldrupal
8.0.0
drupaldrupal
8.0.0:alpha10
drupaldrupal
8.0.0:alpha11
drupaldrupal
8.0.0:alpha12
drupaldrupal
8.0.0:alpha13
drupaldrupal
8.0.0:alpha14
drupaldrupal
8.0.0:alpha15
drupaldrupal
8.0.0:alpha2
drupaldrupal
8.0.0:alpha3
drupaldrupal
8.0.0:alpha4
drupaldrupal
8.0.0:alpha5
drupaldrupal
8.0.0:alpha6
drupaldrupal
8.0.0:alpha7
drupaldrupal
8.0.0:alpha8
drupaldrupal
8.0.0:alpha9
drupaldrupal
8.0.0:beta1
drupaldrupal
8.0.0:beta10
drupaldrupal
8.0.0:beta11
drupaldrupal
8.0.0:beta12
drupaldrupal
8.0.0:beta13
drupaldrupal
8.0.0:beta14
drupaldrupal
8.0.0:beta15
drupaldrupal
8.0.0:beta16
drupaldrupal
8.0.0:beta2
drupaldrupal
8.0.0:beta3
drupaldrupal
8.0.0:beta4
drupaldrupal
8.0.0:beta6
drupaldrupal
8.0.0:beta7
drupaldrupal
8.0.0:beta9
drupaldrupal
8.0.0:rc1
drupaldrupal
8.0.0:rc2
drupaldrupal
8.0.0:rc3
drupaldrupal
8.0.0:rc4
drupaldrupal
8.0.1
drupaldrupal
8.0.2
drupaldrupal
8.0.3
drupaldrupal
8.0.4
drupaldrupal
8.0.5
drupaldrupal
8.0.6
drupaldrupal
8.1.0
drupaldrupal
8.1.0:beta1
drupaldrupal
8.1.0:beta2
drupaldrupal
8.1.0:rc1
drupaldrupal
8.1.1
drupaldrupal
8.1.2
drupaldrupal
8.1.3
drupaldrupal
8.1.4
drupaldrupal
8.1.5
drupaldrupal
8.1.6
drupaldrupal
8.1.7
drupaldrupal
8.1.8
drupaldrupal
8.1.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
drupal7
artful
not-affected
zesty
not-affected
yakkety
ignored
xenial
not-affected
trusty
not-affected
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93101
http://www.securitytracker.com/id/1036886
https://www.drupal.org/SA-CORE-2016-004
http://www.securityfocus.com/bid/93101
http://www.securitytracker.com/id/1036886
https://www.drupal.org/SA-CORE-2016-004