Drupal 8.1.x < 8.1.10 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9729

Synopsis

The remote server is hosting an outdated installation of Drupal that is vulnerable to multiple attack vectors.

Description

The version of Drupal installed on the remote server is 8.1.x prior to 8.1.10, and is affected by the following vulnerabilities :

- A flaw exists that is due to the program allowing users who have rights to edit a node to set the visibility for comments on that node. This may allow an authenticated remote attacker to adjust a node's comment visibility preferences without the appropriate privileges. (CVE-2016-7570)
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling HTTP exception messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2016-7571)
- A flaw exists related to the 'system.temporary' route that may allow an authenticated remote attacker to download the full config export without the appropriate privileges. This may allow the attacker to gain unauthorized access to sensitive information. (CVE-2016-7572)

Solution

Upgrade to Drupal 8.1.10 or later.

See Also

https://www.drupal.org/SA-CORE-2016-004

Plugin Details

Severity: Medium

ID: 9729

Family: CGI

Published: 2016/10/28

Updated: 2019/03/06

Dependencies: 9212

Nessus ID: 94051

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 3.6

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Patch Publication Date: 2016/09/21

Vulnerability Publication Date: 2016/09/21

Reference Information

CVE: CVE-2016-7570, CVE-2016-7571, CVE-2016-7572

BID: 93101