[MEDIUM] Full config export can be downloaded without administrative permissions

PKSA-n53n-gs3v-kmh7 CVE-2016-7572 GHSA-fmqh-2j2x-vgp3

Affected package: drupal/drupal

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10

Reported by:
FriendsOfPHP/security-advisories, GitHub