oss-sec mailing list archives
CVE request: drupal before 7.5 access bypass
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 20 Nov 2011 12:14:51 +0100
http://drupal.org/node/1231510 If a Drupal site is using these features on comments, and the parent node is denied access (either by a node access module or by being unpublished), the file attached to the comment can still be downloaded by non-privileged users if they know or guess its direct URL. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE request: drupal before 7.5 access bypass Hanno Böck (Nov 20)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 20)
- Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 20)