CVE-2019-6342: Drupal Access Bypass Vulnerability Alert
Recently, Drupal officially released a security bulletin to fix an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental workspaces module is enabled, the conditions for access bypass are created for the attacker. Drupal official rated the vulnerability as critical.
Affected version
- Drupal Version == 8.7.4
Unaffected version
- Drupal Version == 8.7.5
- Drupal Version <= 8.7.3
- Drupal Version <= 8.6.x
- Drupal Version 7.x
Solution
The Drupal has fixed the vulnerability in version 8.7.5, and the affected users should upgrade Drupal as soon as possible.