CVE-2011-4972

Published: Nov 13, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.

Affected (1)

Products: Ckeditor: Ckeditor

Ckeditor

1 product

Ckeditor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ckeditor Ckeditor	Version 7.x-1.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.openwall.com/lists/oss-security/2013/06/04/5

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/06/04/7

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://drupal.org/node/1337006

Source: secalert@redhat.com

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/06/04/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/06/04/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://drupal.org/node/1337006

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.