[MEDIUM] Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

PKSA-fmbg-ynh5-ncwt CVE-2017-6922 GHSA-58f3-cx8p-h8jg

Affected package: drupal/drupal

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.4

Reported by:
FriendsOfPHP/security-advisories, GitHub