[MEDIUM] Full config export can be downloaded without administrative permissions

PKSA-7nn6-tbd9-7733 CVE-2016-7572 GHSA-fmqh-2j2x-vgp3

Affected package: drupal/core

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10

Reported by:
FriendsOfPHP/security-advisories, GitHub