Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9156
cve-2014-9156
nvd
drupal
filefield module
authentication
file permissions
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.7%
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
Affected configurations
Node
filefield_projectfilefieldRange≤6.x-3.12drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| filefield_project:filefield | filefield project filefield | le | 6.x-3.12 |
Related
nvd
nvd
CVE-2014-9156
2014-12-01 16:59:07
prion
prion
Design/Logic Flaw
2014-12-01 16:59:00
cvelist
cvelist
CVE-2014-9156
2022-10-03 16:20:39
drupal
drupal
SA-CONTRIB-2014-071 - FileField - Access bypass
2014-07-16 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.7%
Related for CVE-2014-9156