CVE-2012-1591
Published: 1 October 2012
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
Priority
Status
Package | Release | Status |
---|---|---|
drupal7 Launchpad, Ubuntu, Debian |
trusty |
Not vulnerable
(7.14-1)
|
vivid |
Not vulnerable
(7.14-1)
|
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(7.14-1)
|
|
raring |
Not vulnerable
(7.14-1)
|
|
saucy |
Not vulnerable
(7.14-1)
|
|
upstream |
Released
(7.14-1)
|
|
utopic |
Not vulnerable
(7.14-1)
|
|
wily |
Not vulnerable
(7.14-1)
|
|
xenial |
Not vulnerable
(7.14-1)
|
|
yakkety |
Not vulnerable
(7.14-1)
|
|
zesty |
Not vulnerable
(7.14-1)
|
|
drupal5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
drupal6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|