CVE-2014-5020
Published: 22 July 2014
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
drupal7 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7.32-1)
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(7.29)
|
|
| utopic |
Not vulnerable
(7.32-1)
|
|
| vivid |
Not vulnerable
(7.32-1)
|
|
| wily |
Not vulnerable
(7.32-1)
|
|
| xenial |
Not vulnerable
(7.32-1)
|
|
| yakkety |
Not vulnerable
(7.32-1)
|
|
| zesty |
Not vulnerable
(7.32-1)
|