Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1591

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.

Related bugs and status

CVE-2012-1591 (Candidate) is related to these bugs:

Bug #1031028: Drupal 7.14 is latest stable, 7.12 is old.

		In	Importance	Status
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu)	Undecided	Invalid
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu Precise)	Medium	Invalid
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu Quantal)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/drup...
CONFIRM: http://drupal.org/node...
CONFIRM: http://drupal.org/node...
CONFIRM: http://drupalcode.org/...
BID: 53359
SECUNIA: 49012
MANDRIVA: MDVSA-2013:074