Medium severity 4.3 · NVD Advisory · Published Oct 3, 2016 · Updated Jun 17, 2026
CVE-2016-7570
Description
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| drupal/drupal (Packagist) | >= 8.0.0, < 8.1.10 | 8.1.10 |
| drupal/core (Packagist) | >= 8.0.0, < 8.1.10 | 8.1.10 |
Affected products
- ghsa-coords (2 versions)
  - (no CPE) range: >= 8.0.0, < 8.1.10
  - (no CPE) range: >= 8.0.0, < 8.1.10
References
- www.securityfocus.com/bid/93101 (nvd, Third Party Advisory, WEB)
- www.securitytracker.com/id/1036886 (nvd, Third Party Advisory, WEB)
- github.com/advisories/GHSA-6g9h-6v79-w4pc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-7570 (ghsa, ADVISORY)
- www.drupal.org/SA-CORE-2016-004 (nvd, Vendor Advisory, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml (ghsa, WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml (ghsa, WEB)