Описание
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
Ссылки
- Patch
- Issue TrackingPatchThird Party Advisory
- Release Notes
- PatchThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Patch
- Issue TrackingPatchThird Party Advisory
- Release Notes
- PatchThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:drupal:*:*
EPSS
Процентиль: 76%
0.00989
Низкий
7.5 High
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
почти 4 года назад
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors.
EPSS
Процентиль: 76%
0.00989
Низкий
7.5 High
CVSS2
Дефекты
CWE-862