CVE-2013-0246

EPSS 0.41%
Veröffentlicht 16.07.2013 18:55:01
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 35 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Drupal Version7.0

Drupal ≫ Drupal Version7.0 Updatealpha1

Drupal ≫ Drupal Version7.0 Updatealpha2

Drupal ≫ Drupal Version7.0 Updatealpha3

Drupal ≫ Drupal Version7.0 Updatealpha4

Drupal ≫ Drupal Version7.0 Updatealpha5

Drupal ≫ Drupal Version7.0 Updatealpha6

Drupal ≫ Drupal Version7.0 Updatealpha7

Drupal ≫ Drupal Version7.0 Updatebeta1

Drupal ≫ Drupal Version7.0 Updatebeta2

Drupal ≫ Drupal Version7.0 Updatebeta3

Drupal ≫ Drupal Version7.0 Updatedev

Drupal ≫ Drupal Version7.0 Updaterc1

Drupal ≫ Drupal Version7.0 Updaterc2

Drupal ≫ Drupal Version7.0 Updaterc3

Drupal ≫ Drupal Version7.0 Updaterc4

Drupal ≫ Drupal Version7.1

Drupal ≫ Drupal Version7.2

Drupal ≫ Drupal Version7.3

Drupal ≫ Drupal Version7.4

Drupal ≫ Drupal Version7.5

Drupal ≫ Drupal Version7.6

Drupal ≫ Drupal Version7.7

Drupal ≫ Drupal Version7.8

Drupal ≫ Drupal Version7.9

Drupal ≫ Drupal Version7.10

Drupal ≫ Drupal Version7.11

Drupal ≫ Drupal Version7.12

Drupal ≫ Drupal Version7.13

Drupal ≫ Drupal Version7.14

Drupal ≫ Drupal Version7.15

Drupal ≫ Drupal Version7.16

Drupal ≫ Drupal Version7.17

Drupal ≫ Drupal Version7.18

Drupal ≫ Drupal Version7.x-dev

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.603

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html

http://seclists.org/fulldisclosure/2013/Jan/120

http://seclists.org/oss-sec/2013/q1/211

http://secunia.com/advisories/51717

Vendor Advisory

https://drupal.org/SA-CORE-2013-001

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0246

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0246

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0246

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-0246