SB2013071602 - Permissions, Privileges, and Access Controls in Drupal
Published: July 16, 2013 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-0246)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
Remediation
Install update from vendor's website.