Project: Taxonomy File Tree
Security risk: *Moderately critical* 13∕25
Vulnerability: Access bypass
Taxonomy File Tree allows site managers to create file trees.
For files managed as Drupal files, the module does not properly check that a
user has access to a file before letting the user download the file.
This vulnerability only affects sites that use private files.