PT-2019-6650 · Drupal · Drupal
Othman Madjoudj · Published 2019-11-15 · Updated 2019-12-03
CVE-2011-2726
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal versions prior to 7.5
Description
An access bypass issue allows non-privileged users to download files attached to comments if they know or guess the direct URL of the file, even when access to the parent node is denied. This issue is relevant when a Drupal site allows attaching File upload fields to any entity type or points individual File upload fields to the private file directory in comments.
Recommendations
For versions prior to 7.5, update to version 7.5 or later to resolve the issue.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Drupal