An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2012/03/19/10 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/03/20/14 | Mailing List Third Party Advisory |
https://access.redhat.com/security/cve/cve-2011-2726 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726 | Issue Tracking Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2726 | Third Party Advisory |
https://www.drupal.org/node/1231510 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2019-11-15 17:15
Updated : 2024-02-04 20:39
NVD link : CVE-2011-2726
Mitre link : CVE-2011-2726
CVE.ORG link : CVE-2011-2726
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
drupal
- drupal
redhat
- enterprise_linux
CWE
CWE-863
Incorrect Authorization