{"id":"MGASA-2017-0198","summary":"Updated drupal packages fix security vulnerability","details":"Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files\nuploaded by anonymous users into a private file system can be accessed\nby other anonymous users leading to an access bypass vulnerability\n(CVE-2017-6922).\n","modified":"2026-04-16T06:24:28.394556186Z","published":"2017-06-29T21:40:57Z","upstream":["CVE-2017-6922"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0198.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21152"},{"type":"WEB","url":"https://www.drupal.org/SA-CORE-2017-003"},{"type":"WEB","url":"https://www.drupal.org/project/drupal/releases/7.53"},{"type":"WEB","url":"https://www.drupal.org/project/drupal/releases/7.54"},{"type":"WEB","url":"https://www.drupal.org/project/drupal/releases/7.55"},{"type":"WEB","url":"https://www.drupal.org/project/drupal/releases/7.56"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3897"}],"affected":[{"package":{"name":"drupal","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/drupal?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.56-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0198.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}