The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.Referenceshttp://drupal.org/node/1507988http://drupal.org/drupal-7.14http://www.securityfocus.com/bid/53359http://www.mandriva.com/security/advisories?name=MDVSA-2013:074http://secunia.com/advisories/49012http://drupal.org/node/1557938http://drupalcode.org/project/drupal.git/commit/3bf6761ff7537dc68e22ea73f155134f3cfd41a8
