Bug 1548323 (CVE-2017-6926, CVE-2017-6927, CVE-2017-6928, CVE-2017-6929, CVE-2017-6930, CVE-2017-6931, CVE-2017-6932)
Summary: | CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jsmith.fedora, peter.borsa, shawn, stickster |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | drupal7 7.57, drupal8 8.4.5 | Doc Type: | If docs needed, set a value |
Last Closed: | 2019-03-21 03:26:49 UTC | Type: | --- |
Bug Depends On: | 1548324, 1548325, 1548326 | ||
Bug Blocks: |
Description
Adam Mariš
2018-02-23 08:27:48 UTC
Created drupal7 tracking bugs for this issue:

Affects: epel-all [bug 1548324]
Affects: fedora-all [bug 1548326]

Created drupal8 tracking bugs for this issue:

Affects: fedora-all [bug 1548325]

CVEs were assigned for these issues.

- Comment reply form allows access to restricted content - Critical - Drupal 8 - CVE-2017-6926
- JavaScript cross-site scripting prevention is incomplete - Critical - Drupal 7 and Drupal 8 - CVE-2017-6927
- Private file access bypass - Moderately Critical - Drupal 7 - CVE-2017-6928
- jQuery vulnerability with untrusted domains - Moderately Critical - Drupal 7 - CVE-2017-6929
- Language fallback can be incorrect on multilingual sites with node access restrictions - Moderately Critical - Drupal 8 - CVE-2017-6930
- Settings Tray access bypass - Moderately Critical - Drupal 8 - CVE-2017-6931
- External link injection on 404 pages when linking to the current page - Less Critical - Drupal 7 - CVE-2017-6932

drupal6-6.38-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Closing this tracking bug because all dependent bugs have been closed and the following error occurs when requesting the reporter to close this bug:

> You can't ask Adam Mariš <amaris> because that account is disabled.