ASA-2019-00456 – Drupal: Access bypass when the experimental Workspaces module is enabled


Allele Security Alert

ASA-2019-00456

Identifier(s)

ASA-2019-00456, CVE-2019-6342, SA-CORE-2019-008

Title

Access bypass when the experimental Workspaces module is enabled

Vendor(s)

The Drupal Core

Product(s)

Drupal

Affected version(s)

Drupal version 8.7.4

Fixed version(s)

Drupal version 8.7.5

Proof of concept

Unknown

Description

In Drupal version 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created.

Technical details

Unknown

Credits

Dave Botsch

Reference(s)

Drupal core – Critical – Access bypass – SA-CORE-2019-008
https://www.drupal.org/sa-core-2019-008

CVE-2019-6342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6342

CVE-2019-6342
https://nvd.nist.gov/vuln/detail/CVE-2019-6342

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.