CVE-2016-7572: Unprivileged access to config export

October 3, 2016 (updated October 4, 2016)

The system.temporary route allows the download of a full config export. The full config export should be limited to those with “Export configuration” permission.

References

www.drupal.org/SA-CORE-2016-004

Code Behaviors & Features

Detect and mitigate CVE-2016-7572 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →