Lucene search

[email protected]NVD:CVE-2014-9156

HistoryDec 01, 2014 - 4:59 p.m.

CVE-2014-9156

2014-12-0116:59:07

CWE-200

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.

Affected configurations

NVD

Node

filefield_projectfilefieldRange≤6.x-3.12drupal

References

cgit.drupalcode.org/filefield/commit/?id=3a97fe1

www.drupal.org/node/2304517

www.drupal.org/node/2304561

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for NVD:CVE-2014-9156

prion1 cvelist1 cve1 drupal1