An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2012/03/19/10 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/03/20/14 | Mailing List Third Party Advisory |
https://access.redhat.com/security/cve/cve-2011-2726 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726 | Issue Tracking Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2011-2726 | Third Party Advisory |
https://www.drupal.org/node/1231510 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-15T16:21:51
Updated: 2019-11-15T16:21:51
Reserved: 2011-07-11T00:00:00
Link: CVE-2011-2726
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-15T17:15:12.523
Modified: 2019-12-03T19:49:50.163
Link: CVE-2011-2726
JSON object: View
Redhat Information
No data.
CWE