6.4 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.0%
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
drupal.org/drupal-7.14
drupal.org/node/1507988
drupal.org/node/1557938
drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
secunia.com/advisories/49012
www.mandriva.com/security/advisories?name=MDVSA-2013:074
www.securityfocus.com/bid/53359