CVE-2017-6925: Entity Access Bypass

January 15, 2019 (updated October 3, 2019)

There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

References

www.securityfocus.com/bid/100368
www.securitytracker.com/id/1039200
nvd.nist.gov/vuln/detail/CVE-2017-6925
www.drupal.org/SA-CORE-2017-004
www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple

Code Behaviors & Features

Detect and mitigate CVE-2017-6925 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →