Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7890)

MySQL Improper Input Validation Vulnerability (CVE-2017-3258)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-0292)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9418)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities