Fri. Aug 14th, 2020

CVE-2019-6342: Drupal Access Bypass Vulnerability Alert

1 min read

Recently, Drupal officially released a security bulletin to fix an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental workspaces module is enabled, the conditions for access bypass are created for the attacker. Drupal official rated the vulnerability as critical.

Drupal Remote Code Execution

Affected version

  • Drupal Version == 8.7.4

Unaffected version

  • Drupal Version == 8.7.5
  • Drupal Version <= 8.7.3
  • Drupal Version <= 8.6.x
  • Drupal Version 7.x

Solution

The Drupal has fixed the vulnerability in version 8.7.5, and the affected users should upgrade Drupal as soon as possible.