Lucene search
Veracode Vulnerability DatabaseVERACODE:36625HistoryAug 08, 2022 - 7:29 a.m.
Information Disclosure
2022-08-0807:29:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
43.2%
drupal/core is vulnerable to information disclosure. The vulnerability exists due to a lack of input validation in the ImageStyleDownloadController.php as it only restricts access to non-public files if stored in the private file directory, allowing an attacker to gain access to additional files in the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | le | 10.0.0-alpha7 | |
| drupal/core | le | 9.4.2 | |
| drupal/core | le | 9.3.18 | |
| drupal/core | le | 10.0.0-alpha7 | |
| drupal/core | le | 9.4.2 | |
| drupal/core | le | 9.3.18 |
Related
drupal
drupal
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
2022-07-20 00:00:00
osv
osv
BIT-drupal-2022-25275
2024-03-06 10:53:08
CVE-2022-25275
2023-04-26 14:15:09
Drupal core Information Disclosure vulnerability
2022-08-06 05:31:26
openvas
openvas
Drupal 7.0 < 7.91, 8.0 < 9.3.19, 9.4.0 < 9.4.3 Information Disclosure (SA-CORE-2022-012) - Linux
2022-10-17 00:00:00
Drupal 7.0 < 7.91, 8.0 < 9.3.19, 9.4.0 < 9.4.3 Information Disclosure (SA-CORE-2022-012) - Windows
2022-10-17 00:00:00
Fedora: Security Advisory for drupal7 (FEDORA-2022-9d655503ea)
2022-10-24 00:00:00
ubuntucve
ubuntucve
CVE-2022-25275
2023-04-26 00:00:00
cvelist
cvelist
CVE-2022-25275
2023-04-26 00:00:00
nvd
nvd
CVE-2022-25275
2023-04-26 14:15:09
prion
prion
Default configuration
2023-04-26 14:15:00
cve
cve
CVE-2022-25275
2023-04-26 14:15:09
friendsofphp
friendsofphp
github
github
Drupal core Information Disclosure vulnerability
2022-08-06 05:31:26
nessus
nessus
Drupal 7.x < 7.91 / 9.3.x < 9.3.19 / 9.4.x < 9.4.3 Multiple Vulnerabilities (drupal-2022-07-20)
2022-07-21 00:00:00
Fedora 36 : drupal7 (2022-9d655503ea)
2022-12-23 00:00:00
Fedora 35 : drupal7 (2022-bf18450366)
2022-12-22 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: drupal7-7.92-1.fc36
2022-10-23 09:04:53
[SECURITY] Fedora 35 Update: drupal7-7.92-1.fc35
2022-11-03 15:31:08
[SECURITY] Fedora 37 Update: drupal7-7.92-1.fc37
2022-11-10 22:46:29