The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-22T14:00:00Z
Updated: 2024-09-16T18:08:33.200Z
Reserved: 2014-07-22T00:00:00Z
Link: CVE-2014-5020
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-07-22T14:55:10.050
Modified: 2014-07-22T19:03:38.433
Link: CVE-2014-5020
Redhat
No data.