Iancawthorne

**Name of the Vulnerable Software and Affected Versions** Drupal core versions prior to 8.3.4 Drupal core versions prior to 7.56 **Description** The issue allows an access bypass, where private files uploaded by an anonymous user are visible to all anonymous users, rather than just the user who uploaded them. This occurs on sites that allow anonymous users to upload files into a private file system. **Recommendations** For Drupal core versions prior to 8.3.4, update to version 8.3.4 or later. For Drupal core versions prior to 7.56, update to version 7.56 or later.