Description
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Remediation
References
Related Vulnerabilities
Contao Insufficient Session Expiration Vulnerability (CVE-2024-30262)
LiteSpeed Web Server Out-of-bounds Read Vulnerability (CVE-2004-0112)
Apache 2.x version older than 2.2.8
TYPO3 Improper Input Validation Vulnerability (CVE-2013-7079)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1161)