CVE-2016-6211: Saving user accounts can sometimes grant the user all roles

September 9, 2016 (updated November 28, 2016)

The User module in Drupal allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

References

www.drupal.org/SA-CORE-2016-002

Code Behaviors & Features

Detect and mitigate CVE-2016-6211 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →