← back
CVE-2012-1591

CVE-2012-1591

EPSS 2.4%
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8http://drupal.org/drupal-7.14http://drupal.org/node/1507988http://drupal.org/node/1557938http://secunia.com/advisories/49012http://www.mandriva.com/security/advisories?name=MDVSA-2013:074http://www.securityfocus.com/bid/53359