Candidate: CVE-2014-5020
PublicDate: 2014-07-22 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5020
 https://www.drupal.org/SA-CORE-2014-003
 http://www.debian.org/security/2014/dsa-2983
Description:
 The File module in Drupal 7.x before 7.29 does not properly check
 permissions to view files, which allows remote authenticated users with
 certain permissions to bypass intended restrictions and read files by
 attaching the file to content with a file field.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_drupal7:
upstream_drupal7: released (7.29)
lucid_drupal7: DNE
precise_drupal7: ignored (reached end-of-life)
precise/esm_drupal7: DNE (precise was needed)
trusty_drupal7: ignored (reached end-of-life)
trusty/esm_drupal7: DNE (trusty was needed)
utopic_drupal7: not-affected (7.32-1)
vivid_drupal7: not-affected (7.32-1)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: not-affected (7.32-1)
xenial_drupal7: not-affected (7.32-1)
yakkety_drupal7: not-affected (7.32-1)
zesty_drupal7: not-affected (7.32-1)
artful_drupal7: not-affected (7.32-1)
bionic_drupal7: DNE
cosmic_drupal7: DNE
disco_drupal7: DNE
devel_drupal7: DNE