The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
References
Link | Resource |
---|---|
http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1 | Vendor Advisory |
https://www.drupal.org/node/2304517 | Vendor Advisory |
https://www.drupal.org/node/2304561 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2014-12-01 16:59
Updated : 2024-02-28 12:20
NVD link : CVE-2014-9156
Mitre link : CVE-2014-9156
CVE.ORG link : CVE-2014-9156
JSON object : View
Products Affected
filefield_project
- filefield
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor