Vulnerability in Drupal.org Drupal Core
CVE-2017-6931
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a cu…
EPSS: 0.002 (39.3th percentile) — read the EPSS interpretation.
Affected products
- Drupal.org Drupal Core — versions 8.4.x versions before 8.4.5
References
- www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)