Description
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin User Activity Security Bypass (1.0.1)
Drupal Improper Privilege Management Vulnerability (CVE-2017-6924)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2600)
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)
WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8)