Update CVE-2017-6923.json

2025-06-08 22:18:26 +00:00 · 2019-01-21 09:27:58 -05:00 · 2019-01-21 09:27:58 -05:00 · 60fd6462fb
commit 60fd6462fb
parent 153edf860b
1 changed files with 91 additions and 15 deletions
--- a/2017/6xxx/CVE-2017-6923.json
+++ b/2017/6xxx/CVE-2017-6923.json
@ -1,18 +1,94 @@
 {
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2017-6923",
      "STATE" : "RESERVED"
   },
   "data_format" : "MITRE",
  "data_type": "CVE",
  "data_format": "MITRE",
  "data_version": "4.0",
-   "description" : {
+  "CVE_data_meta": {
-      "description_data" : [
+    "ID": "CVE-2017-6923",
    "ASSIGNER": "mlhess@drupal.org",
    "DATE_PUBLIC": "",
    "TITLE": "Access bypass in Drupal 8 views",
    "AKA": "",
    "STATE": "PUBLIC"
  },
  "source": {
    "defect": [],
    "advisory": "",
    "discovery": "UNKNOWN"
  },
  "affects": {
    "vendor": {
      "vendor_data": [
        {
-            "lang" : "eng",
+          "vendor_name": "Druapl",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+          "product": {
            "product_data": [
              {
                "product_name": "Drupal core",
                "version": {
                  "version_data": [
                    {
                      "version_name": "8.x",
                      "affected": "<",
                      "version_value": "8.3.7",
                      "platform": ""
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
  "description": {
    "description_data": [
      {
        "lang": "eng",
        "value": "When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.\n\nIt is best practice to always include some form of access restrictions on all views, even if you are using another module to display them."
      }
    ]
  },
  "problemtype": {
    "problemtype_data": [
      {
        "description": [
          {
            "lang": "eng",
            "value": "Access bypass"
          }
        ]
      }
    ]
  },
  "references": {
    "reference_data": [
      {
        "refsource": "CONFIRM",
        "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple",
        "name": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple"
      }
    ]
  },
  "configuration": [],
  "impact": {
    "cvss": {
      "version": "3.0",
      "attackVector": "PHYSICAL",
      "attackComplexity": "HIGH",
      "privilegesRequired": "HIGH",
      "userInteraction": "REQUIRED",
      "scope": "UNCHANGED",
      "confidentialityImpact": "NONE",
      "integrityImpact": "NONE",
      "availabilityImpact": "NONE",
      "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
      "baseScore": 0,
      "baseSeverity": "NONE"
    }
  },
  "exploit": [],
  "work_around": [],
  "solution": [],
  "credit": []
 }