According to its self-reported version number, the detected Drupal application is affected by an access bypass vulnerability due to an unspecified flaw when the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. An authenticated, remote attacker can exploit this to bypass critical access restrictions.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Drupal Security Team Reports :

CVE-2017-6919: Access bypass

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.2.8 or 8.3.x prior to 8.3.1. It is, therefore, affected by an access bypass vulnerability due to an unspecified flaw when the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. An authenticated, remote attacker can exploit this to bypass critical access restrictions.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

-     [8.3.1](https://www.drupal.org/project/drupal/releases/8     .3.1)

  - [Drupal Core - Critical - Access Bypass -     SA-CORE-2017-002](https://www.drupal.org/SA-CORE-2017-00     2)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
98557	Drupal 8.x < 8.2.8 Access Bypass Vulnerability	Web App Scanning	Component Vulnerability	11/5/2018	3/14/2023	high
98556	Drupal 8.3.x < 8.3.1 Access Bypass Vulnerability	Web App Scanning	Component Vulnerability	11/5/2018	3/14/2023	high
99615	FreeBSD : drupal8 -- Drupal Core - Critical - Access Bypass (1455c86c-26c2-11e7-9daa-6cf0497db129)	Nessus	FreeBSD Local Security Checks	4/24/2017	1/4/2021	high
99690	Drupal 8.x < 8.2.8 / 8.3.x < 8.3.1 Access Bypass Vulnerability (SA-CORE-2017-002)	Nessus	CGI abuses	4/26/2017	4/11/2022	high
99922	Fedora 25 : drupal8 (2017-041473e742)	Nessus	Fedora Local Security Checks	5/2/2017	1/11/2021	high
99925	Fedora 24 : drupal8 (2017-e8767a2fbb)	Nessus	Fedora Local Security Checks	5/2/2017	1/6/2021	high
101720	Fedora 26 : drupal8 (2017-ccdf272e60)	Nessus	Fedora Local Security Checks	7/17/2017	1/6/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high