Taxonomy File Tree - Moderately critical - Access bypass - SA-CONTRIB-2018-061

Project: Taxonomy File Tree
Version: 7.x-1.0
Date: 2018-September-26
Security risk: *Moderately critical* 13∕25
Vulnerability: Access bypass

Description

Taxonomy File Tree allows site managers to create file trees.

For files managed as Drupal files, the module does not properly check that a
user has access to a file before letting the user download the file.

This vulnerability only affects sites that use private files.

Solution

Install the latest version:

* If you use the Taxonomy File Tree module for Drupal 7.x, upgrade to Taxonomy File Tree 7.x-1.1

Also see the Taxonomy File Tree project page.

Add new comment