CVE-2012-1591
N/A
N/A
Summary
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupal.org/node/1507988
- http://drupal.org/drupal-7.14
- http://www.securityfocus.com/bid/53359
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://secunia.com/advisories/49012
- http://drupal.org/node/1557938
- http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
References
- http://drupal.org/node/1507988
- http://drupal.org/drupal-7.14
- http://www.securityfocus.com/bid/53359
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://secunia.com/advisories/49012
- http://drupal.org/node/1557938
- http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.