1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Candidate: CVE-2014-5020
PublicDate: 2014-07-22
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5020
https://www.drupal.org/SA-CORE-2014-003
http://www.debian.org/security/2014/dsa-2983
Description:
The File module in Drupal 7.x before 7.29 does not properly check
permissions to view files, which allows remote authenticated users with
certain permissions to bypass intended restrictions and read files by
attaching the file to content with a file field.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_drupal7:
upstream_drupal7: released (7.29)
lucid_drupal7: DNE
precise_drupal7: ignored (reached end-of-life)
precise/esm_drupal7: DNE (precise was needed)
trusty_drupal7: needed
utopic_drupal7: not-affected (7.32-1)
vivid_drupal7: not-affected (7.32-1)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: not-affected (7.32-1)
xenial_drupal7: not-affected (7.32-1)
yakkety_drupal7: not-affected (7.32-1)
zesty_drupal7: not-affected (7.32-1)
devel_drupal7: not-affected (7.32-1)
|