CVE-2017-6379: Cross Site Request Forgery

March 16, 2017 (updated July 12, 2017)

Some administrative paths in Drupal does not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

References

nvd.nist.gov/vuln/detail/CVE-2017-6379
www.drupal.org/SA-2017-001

Code Behaviors & Features

Detect and mitigate CVE-2017-6379 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →