Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.drupal.org/sa-core-2020-011 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: drupal
Published: 2022-02-11T15:45:22
Updated: 2024-08-04T12:25:16.150Z
Reserved: 2020-05-28T00:00:00
Link: CVE-2020-13670
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-02-11T16:15:08.140
Modified: 2022-02-23T18:32:32.397
Link: CVE-2020-13670
Redhat
No data.