PT-2019-6715 · Drupal · Ckeditor

Published: 2019-11-13 · Updated: 2019-11-18 · CVE-2011-4972

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

CKEditor module version 7.x-1.4 for Drupal

Description

The issue is in the hook_file_download function of the CKEditor module, which does not properly restrict access to private files. This allows remote attackers to read private files via a direct request.

Recommendations

If you run CKEditor module version 7.x-1.4, consider updating to a newer version that addresses this issue, because version 7.x-1.4 does not properly restrict access to private files.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2011-4972

Affected Products

Ckeditor