# Drupal core - Critical - Access bypass - SA-CORE-2019-008 Project: [Drupal core](https://www.drupal.org/project/drupal) Date: 2019-July-17 Security risk: [**Critical** 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default](https://www.drupal.org/security-team/risk-levels) Vulnerability: Access bypass CVE IDs: CVE-2019-6342 Description: In Drupal 8.7.4, when the [experimental](https://www.drupal.org/core/experimental#beta) Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are **not** affected. Solution: If the site is running Drupal 8.7.4, upgrade to Drupal 8.7.5. **Note, manual step needed.** For sites with the Workspaces module enabled, `update.php`needs to run to ensure a required cache clear. If there is a reverse proxy cache or content delivery network (e.g. Varnish,...
# Drupal core - Critical - Access bypass - SA-CORE-2019-008 Project: [Drupal core](https://www.drupal.org/project/drupal) Date: 2019-July-17 Security risk: [**Critical** 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default](https://www.drupal.org/security-team/risk-levels) Vulnerability: Access bypass CVE IDs: CVE-2019-6342 Description: In Drupal 8.7.4, when the [experimental](https://www.drupal.org/core/experimental#beta) Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are **not** affected. Solution: If the site is running Drupal 8.7.4, upgrade to Drupal 8.7.5. **Note, manual step needed.** For sites with the Workspaces module enabled, `update.php`needs to run to ensure a required cache clear. If there is a reverse proxy cache or content delivery network (e.g. Varnish, CloudFlare) it is also advisable to clear these as well.
