CVE-2014-5020

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 7.29

Description The issue concerns the File module in Drupal, where it fails to properly check permissions for viewing files. This allows remote authenticated users with specific permissions to bypass restrictions and read files by attaching them to content using a file field.

Recommendations For versions prior to 7.29, update to version 7.29 or later to resolve the issue.