Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314)

Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-6762)

Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-15151)

Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities