Drupal 8.7.4 Access Bypass Vulnerability (SA-CORE-2019-008) (drupal-2019-07-17)
High Nessus Plugin ID 126952
SynopsisA PHP application running on the remote web server is affected by a vulnerability.
DescriptionAccording to its self-reported version, the instance of Drupal running on the remote web server is 8.7.4. It is, therefore, affected by an access bypass condition when the experimental Workspaces module is enabled.
Note this vulnerability does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not affected.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Drupal version 8.7.5 or later.