Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Remediation

References

CVE-2012-1591

Related Vulnerabilities

WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0)

WordPress Plugin Weather for us-animated weather widget Crypto Mining (1.8)

GlassFish CVE-2013-1508 Vulnerability (CVE-2013-1508)

MySQL Other Vulnerability (CVE-2006-4226)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-20612)

Severity

Medium

Classification

CVE-2012-1591 CWE-264

Tags

Missing Update Known Vulnerabilities