Description
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Remediation
References
Related Vulnerabilities
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)
MySQL CVE-2020-14829 Vulnerability (CVE-2020-14829)
Squid Out-of-bounds Read Vulnerability (CVE-2023-49285)
WordPress Plugin Glass Cross-Site Request Forgery (1.3.2)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9547)