4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.967 High
EPSS
Percentile
99.7%
The FileField module enables you to define and use fields that contain files.
The module doesn’t sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files.
This vulnerability is mitigated by the fact that the attacker must have permission to create or edit content with a file field.
Drupal core is not affected. If you do not use the contributed FileField module, there is nothing you need to do.
drupal.org/contact
drupal.org/project/filefield
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/writing-secure-code
twitter.com/drupalsecurity
www.drupal.org/drupal-6.32-release-notes
www.drupal.org/node/2304517
www.drupal.org/project/filefield
www.drupal.org/SA-CORE-2014-003
www.drupal.org/user/266527
www.drupal.org/user/35821
www.drupal.org/user/556138