CVE-2012-1591 Information

Description

The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images which allows remote attackers to read private image styles.

Reference

http://drupal.org/drupal-7.14 http://drupal.org/node/1507988 http://drupal.org/node/1557938 http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8 http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53359