Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-6379

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.1
Products affected by CVE-2017-6379
  • Drupal » Drupal » Version: 8.2.0
    cpe:2.3:a:drupal:drupal:8.2.0
  • Drupal » Drupal » Version: 8.2.1
    cpe:2.3:a:drupal:drupal:8.2.1
  • Drupal » Drupal » Version: 8.2.2
    cpe:2.3:a:drupal:drupal:8.2.2
  • Drupal » Drupal » Version: 8.2.3
    cpe:2.3:a:drupal:drupal:8.2.3
  • Drupal » Drupal » Version: 8.2.4
    cpe:2.3:a:drupal:drupal:8.2.4
  • Drupal » Drupal » Version: 8.2.5
    cpe:2.3:a:drupal:drupal:8.2.5
  • Drupal » Drupal » Version: 8.2.6
    cpe:2.3:a:drupal:drupal:8.2.6


Contact Us

Shodan ® - All rights reserved