exploitDog

CVE-2014-9156

Опубликовано: 01 дек. 2014

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.

Ссылки

http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1
Vendor Advisory
https://www.drupal.org/node/2304517
Vendor Advisory
https://www.drupal.org/node/2304561
Vendor Advisory
http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1
Vendor Advisory
https://www.drupal.org/node/2304517
Vendor Advisory
https://www.drupal.org/node/2304561
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:filefield_project:filefield:*:*:*:*:*:drupal:*:*

Версия до 6.x-3.12 (включая)

EPSS

Процентиль: 36%

0.00151

Низкий

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-974p-rx3f-rxv5

github

больше 3 лет назад

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.

EPSS

Процентиль: 36%

0.00151

Низкий

4 Medium

CVSS2

Дефекты

CWE-200