This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met:

https://www.drupal.org/SA-CORE-2017-002