[MEDIUM] Users without "Administer comments" can set comment visibility on nodes they can edit

PKSA-ffy2-ffrk-zcb4 CVE-2016-7570 GHSA-6g9h-6v79-w4pc

Affected package: drupal/drupal

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10

Reported by:
FriendsOfPHP/security-advisories, GitHub