CVE-2016-7570: Unprivileged access to "Administer comments"

October 3, 2016 (updated October 4, 2016)

Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.

References

www.drupal.org/SA-CORE-2016-004

Code Behaviors & Features

Detect and mitigate CVE-2016-7570 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →