[MEDIUM] Users without "Administer comments" can set comment visibility on nodes they can edit

PKSA-wsdn-jkns-xw8s CVE-2016-7570 GHSA-6g9h-6v79-w4pc

Affected package: drupal/core

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.10

Reported by:
FriendsOfPHP/security-advisories, GitHub