7 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.0%
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
secunia.com/advisories/49012
www.mandriva.com/security/advisories?name=MDVSA-2013:074
www.securityfocus.com/bid/53359
drupal.org/drupal-7.14
drupal.org/node/1507988
drupal.org/node/1557938