What is CVE-2011-2726?

CVE-2011-2726 is a vulnerability in Drupal 7.x before version 7.5 that allows access bypass.

What is the severity of CVE-2011-2726?

The severity of CVE-2011-2726 is high, with a severity value of 7.5.

How does CVE-2011-2726 affect Drupal?

CVE-2011-2726 affects Drupal versions 7.x before version 7.5, allowing access bypass.

How can I fix CVE-2011-2726 in Drupal?

To fix CVE-2011-2726 in Drupal, you should update to version 7.5 or later.

Where can I find more information about CVE-2011-2726?

You can find more information about CVE-2011-2726 on the Debian Security Tracker and Red Hat Bugzilla.

Vulnerability/
CVE-2011-2726

high

7.5

CWE

863

15/11/2019

3/12/2019

CVE-2011-2726

First published: Fri Nov 15 2019(Updated: )

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Drupal Drupal	>=7.0<7.5
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux	=5.0
Fedoraproject Fedora	=16
Fedoraproject Fedora	=15
Fedoraproject Fedora	=14
debian/drupal7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2011-2726?
CVE-2011-2726 is a vulnerability in Drupal 7.x before version 7.5 that allows access bypass.
What is the severity of CVE-2011-2726?
The severity of CVE-2011-2726 is high, with a severity value of 7.5.
How does CVE-2011-2726 affect Drupal?
CVE-2011-2726 affects Drupal versions 7.x before version 7.5, allowing access bypass.
How can I fix CVE-2011-2726 in Drupal?
To fix CVE-2011-2726 in Drupal, you should update to version 7.5 or later.
Where can I find more information about CVE-2011-2726?
You can find more information about CVE-2011-2726 on the Debian Security Tracker and Red Hat Bugzilla.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-historical
collector/nvd-index
collector/security-tracker-debian
vendor/drupal
canonical/drupal drupal
version/drupal drupal/7.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/6.0
version/redhat enterprise linux/5.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/16
version/fedoraproject fedora/15
version/fedoraproject fedora/14
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.