CVE-2012-1591

medium

Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

References

http://www.securityfocus.com/bid/53359

http://www.mandriva.com/security/advisories?name=MDVSA-2013:074

http://secunia.com/advisories/49012

http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8

http://drupal.org/node/1557938

http://drupal.org/node/1507988

http://drupal.org/drupal-7.14

Details

Source: Mitre, NVD

Published: 2012-10-01

Updated: 2013-12-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N