CVE-2012-1591
Drupal 7.x < 7.14 - Unauthenticated Private Image Style Information Disclosure
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
References (7)
Core References
Various Sources (x_refsource_confirm): http://drupal.org/node/1507988
Patch (x_refsource_confirm): http://drupal.org/drupal-7.14
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/53359
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49012
Vendor Advisory (x_refsource_confirm): http://drupal.org/node/1557938
Patch (x_refsource_confirm): http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
Scores
EPSS: 0.0046
EPSS Percentile: 64.5%
Details
CWE: CWE-264
Status: published
Products (15)
drupal/drupal 7.0 (16 CPE variants)
drupal/drupal 7.1
drupal/drupal 7.2
drupal/drupal 7.3
drupal/drupal 7.4
drupal/drupal 7.5
drupal/drupal 7.6
drupal/drupal 7.7
drupal/drupal 7.8
drupal/drupal 7.9
... and 5 more
Published: Oct 01, 2012
Tracked Since: Feb 18, 2026