4 matches found
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
Linux Distros Unpatched Vulnerability : CVE-2023-31250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they...
CVE-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2023-31250
Drupal core contains a path traversal vulnerability in the file download facility caused by insufficient sanitization of file paths. This can lead to unauthorized access to private files (high confidentiality impact). Affected: Drupal core; vulnerability tracked as SA-CORE-2023-005 (CVE-2023-3125...