WS-2018-0195 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0195

WS-2018-0195

Published:May 19, 2026

Updated:May 19, 2026

Drupal core versions 7.x until 7.60, 8.5.x until 8.5.8, 8.6.x until 8.6.2, vulnerable to access bypass due to an issue to check users access for certain transitions.

Affected Packages

drupal/drupal (PHP):

Affected version(s) =8.0.x-dev <8.0.1

Fix Suggestion:

Update to version 8.0.1

drupal/drupal (PHP):

Affected version(s) =8.5.7 <8.5.8

Fix Suggestion:

Update to version 8.5.8

drupal/drupal (PHP):

Affected version(s) >=8.3.9 <8.4.1

Fix Suggestion:

Update to version 8.4.1

drupal/drupal (PHP):

Affected version(s) >=8.0.3 <8.1.0-rc1

Fix Suggestion:

Update to version 8.1.0-rc1

firstturnmedia/cm_bootstrap (PHP):

Affected version(s) >=1.0.0-alpha7 <1.0.0-beta1

Fix Suggestion:

Update to version 1.0.0-beta1

chmez/d8 (PHP):

Affected version(s) >=0.0.0.0 <0.1.0.12

Fix Suggestion:

Update to version 0.1.0.12

drupal/core (PHP):

Affected version(s) >=8.2.1 <8.5.x-dev

Fix Suggestion:

Update to version 8.5.x-dev

drupal/drupal (PHP):

Affected version(s) =8.0.0-rc1 <8.0.0-rc2

Fix Suggestion:

Update to version 8.0.0-rc2

drupal/drupal (PHP):

Affected version(s) >=8.5.1 <8.5.3

Fix Suggestion:

Update to version 8.5.3

aleksip/plugin-data-transform (PHP):

Affected version(s) >=v0.9.0 <v1.3.0

Fix Suggestion:

Update to version v1.3.0

drupal/core (PHP):

Affected version(s) =8.5.7 <8.5.8

Fix Suggestion:

Update to version 8.5.8

firstturnmedia/cm_bootstrap (PHP):

Affected version(s) >=2.0.0-beta5 <tags/2017-01-30

Fix Suggestion:

Update to version tags/2017-01-30

drupal/drupal (PHP):

Affected version(s) =8.0.0-beta16 <8.0.0-beta2

Fix Suggestion:

Update to version 8.0.0-beta2

drupal/core (PHP):

Affected version(s) >=8.5.1 <8.5.6

Fix Suggestion:

Update to version 8.5.6

hechoendrupal/drupal (PHP):

Affected version(s) >=8.0.0-beta2 <=8.0.0-beta7

Fix Suggestion:

Update to version no_fix

drupal/core (PHP):

Affected version(s) >=8.0.0-beta10 <8.2.x-dev

Fix Suggestion:

Update to version 8.2.x-dev

drupal/drupal (PHP):

Affected version(s) >=8.4.4 <8.4.6

Fix Suggestion:

Update to version 8.4.6

drupal/drupal (PHP):

Affected version(s) >=8.4.7 <8.5.0-beta1

Fix Suggestion:

Update to version 8.5.0-beta1

drupal/drupal (PHP):

Affected version(s) =8.6.0 <8.6.x-dev

Fix Suggestion:

Update to version 8.6.x-dev

firstturnmedia/cm_bootstrap (PHP):

Affected version(s) >=2.0.0-beta10 <2.0.0-beta15

Fix Suggestion:

Update to version 2.0.0-beta15

vijaycs85/coverage-report (PHP):

Affected version(s) >=8.0-alpha10 <=8.5.x-dev

Fix Suggestion:

Update to version no_fix

drupal/drupal (PHP):

Affected version(s) =8.5.5 <8.5.6

Fix Suggestion:

Update to version 8.5.6

drupal/drupal (PHP):

Affected version(s) =8.4.2 <8.4.3

Fix Suggestion:

Update to version 8.4.3

drupal/drupal (PHP):

Affected version(s) >=8.1.0 <8.1.1

Fix Suggestion:

Update to version 8.1.1

drupal/drupal (PHP):

Affected version(s) >=8.1.10 <8.2.1

Fix Suggestion:

Update to version 8.2.1

drupal/drupal (PHP):

Affected version(s) =8.3.0-rc1 <8.3.0-rc2

Fix Suggestion:

Update to version 8.3.0-rc2

drupal/drupal (PHP):

Affected version(s) >=8.2.7 <8.3.0-beta1

Fix Suggestion:

Update to version 8.3.0-beta1

drupal/drupal (PHP):

Affected version(s) =8.3.5 <8.3.6

Fix Suggestion:

Update to version 8.3.6

drupal/core-utility (PHP):

Affected version(s) >=8.6.0-alpha1 <8.6.x-dev

Fix Suggestion:

Update to version 8.6.x-dev

webflo/drupal (PHP):

Affected version(s) =8.0.x-dev

Fix Suggestion:

Update to version no_fix

drupal/d7-plugin (PHP):

Affected version(s) =dev-master <dev-packagist-badges

Fix Suggestion:

Update to version dev-packagist-badges

redactivemedia/redactive-drupal8-platform (PHP):

Affected version(s) >=8.0.0-beta12 <8.5.8

Fix Suggestion:

Update to version 8.5.8

drupal/drupal (PHP):

Affected version(s) >=8.3.0 <8.3.1

Fix Suggestion:

Update to version 8.3.1

drupal/drupal (PHP):

Affected version(s) =8.3.2 <8.3.3

Fix Suggestion:

Update to version 8.3.3

drupal/drupal (PHP):

Affected version(s) =8.6.0-alpha1 <8.6.0-beta1

Fix Suggestion:

Update to version 8.6.0-beta1

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta10 <8.0.0-beta15

Fix Suggestion:

Update to version 8.0.0-beta15

cristiroma/drupal-boilerplate-8 (PHP):

Affected version(s) =0.1

Fix Suggestion:

Update to version no_fix

drupal/drupal (PHP):

Affected version(s) >=8.1.3 <8.1.8

Fix Suggestion:

Update to version 8.1.8

drupal/drupal (PHP):

Affected version(s) >=8.0.0-rc3 <8.0.0

Fix Suggestion:

Update to version 8.0.0

drupal/drupal (PHP):

Affected version(s) >=8.2.3 <8.2.6

Fix Suggestion:

Update to version 8.2.6

drupal/core (PHP):

Affected version(s) >=8.6.0-alpha1 <8.6.1

Fix Suggestion:

Update to version 8.6.1

lionsad/service_container (PHP):

Affected version(s) =dev-use-d8-container <dev-pr--82

Fix Suggestion:

Update to version dev-pr--82

alnutile/drunatra (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

redactivemedia/redactive-drupal8-platform (PHP):

Affected version(s) >=8.6.0-rc1 <8.6.2

Fix Suggestion:

Update to version 8.6.2

drupal/core-utility (PHP):

Affected version(s) >=8.0.0-beta10 <8.5.x-dev

Fix Suggestion:

Update to version 8.5.x-dev

drupal/core-utility (PHP):

Affected version(s) =8.6.1 <8.6.2

Fix Suggestion:

Update to version 8.6.2

lexhouk/d8 (PHP):

Affected version(s) >=0.0.0.0 <0.1.0.12

Fix Suggestion:

Update to version 0.1.0.12

openwebapp/openwebapp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

drupal/core-utility (PHP):

Affected version(s) >=8.5.1 <8.5.8

Fix Suggestion:

Update to version 8.5.8

drupal/core-file-cache (PHP):

Affected version(s) >=8.0.0-beta6 <8.1.0

Fix Suggestion:

Update to version 8.1.0

aleksip/plugin-data-transform (PHP):

Affected version(s) =v1.3.1 <v1.4.0

Fix Suggestion:

Update to version v1.4.0

withadresden/superdrupal (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta6 <8.0.0-rc1

Fix Suggestion:

Update to version 8.0.0-rc1

Related Resources (1)

https://www.drupal.org/sa-core-2018-006

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE