CVE-2019-6342: Drupal Access Bypass Vulnerability Alert

Drupal recently released a security advisory fixing an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, enabling the experimental workspaces module creates the conditions for an access bypass. Drupal rated the vulnerability as critical.

Affected version

  • Drupal Version == 8.7.4

Unaffected version

  • Drupal Version == 8.7.5
  • Drupal Version <= 8.7.3
  • Drupal Version <= 8.6.x
  • Drupal Version 7.x

Solution

Drupal fixed the vulnerability in version 8.7.5, and affected users should upgrade as soon as possible.
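
To triage a site against the conditions above (core 8.7.4 with the workspaces module enabled), the following added example, which is not from the Drupal advisory, reads a site's `composer.lock` and its exported `core.extension.yml`. It assumes a Composer-managed site that locks `drupal/core`, an exported configuration directory, and `workspaces` as the module's machine name; the sample inputs are constructed.

```python
import json
import re

AFFECTED_CORE = "8.7.4"   # the only affected release listed in this alert
MODULE = "workspaces"     # assumed machine name of the experimental module

# Constructed sample inputs, standing in for composer.lock and
# config/sync/core.extension.yml from a real site.
SAMPLE_LOCK = json.dumps({"packages": [{"name": "drupal/core", "version": "8.7.4"}]})
SAMPLE_EXTENSION = "module:\n  node: 0\n  workspaces: 0\ntheme:\n  seven: 0\nprofile: standard\n"


def core_version(composer_lock_text):
    """Return the locked drupal/core version, or None if it is not listed."""
    lock = json.loads(composer_lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "drupal/core":
            return pkg.get("version", "").lstrip("v")
    return None


def enabled_modules(core_extension_yml):
    """Return the names under the top-level 'module:' key only."""
    names, in_module = set(), False
    for line in core_extension_yml.splitlines():
        if re.match(r"^\S", line):              # a new top-level key starts
            in_module = line.strip() == "module:"
        elif in_module:
            m = re.match(r"^\s+([A-Za-z0-9_]+):\s*-?\d+\s*$", line)
            if m:
                names.add(m.group(1))
    return names


def assess(composer_lock_text, core_extension_yml):
    """Classify a site against the affected version and module condition."""
    version = core_version(composer_lock_text)
    if version != AFFECTED_CORE:
        return "not affected (core %s)" % version
    if MODULE in enabled_modules(core_extension_yml):
        return "EXPOSED: core 8.7.4 with workspaces enabled, upgrade to 8.7.5"
    return "affected version, workspaces not enabled: upgrade to 8.7.5"


if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_EXTENSION))
```

The exported configuration can lag behind the live site, so confirm the enabled-module list on the running instance before closing the finding.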