Vulnerability in Drupal.org Drupal Core
CVE-2017-6928
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which on…
EPSS: 0.003 (51.4th percentile) — read the EPSS interpretation.
Affected products
- Drupal.org Drupal Core — versions Drupal 7.x versions before 7.57
References
- DSA-4123 (vendor-advisory, x_refsource_DEBIAN)
- [debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update (mailing-list, x_refsource_MLIST)
- www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)