CVE-2016-3162: Improper Access Control

April 12, 2016 (updated April 22, 2016)

The File module in Drupal allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

References

www.drupal.org/SA-CORE-2016-001

Code Behaviors & Features

Detect and mitigate CVE-2016-3162 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →