CVE-2012-1591

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 7.14

Description The issue concerns the image module in Drupal, where it fails to properly check permissions when caching derivative image styles of private images. This allows remote attackers to read private image styles.

Recommendations For versions prior to 7.14, update to version 7.14 or later to resolve the issue.