Backdrop core - Moderately critical - Access bypass - BACKDROP-SA-CORE-2023-005

Date: 
Apr 19th, 2023
Security risk: 
Moderately Critical
Vulnerability: 
Access bypass

File downloads do not sufficiently sanitize file paths in certain situations. This may result in people gaining access to private files to which they should not have access.

Some sites may require configuration changes following this security release. Review the release notes if you have issues accessing private files after updating.

  • All Backdrop sites running on Windows web servers are vulnerable.
  • Backdrop sites on Linux web servers are vulnerable only with certain file directory structures, or if a vulnerable contributed or custom file access module is installed.

Advisory ID: 
BACKDROP-SA-CORE-2023-005
Versions affected: 
  • Backdrop Core 1.24.x versions prior to 1.24.2
  • Backdrop Core 1.23.x versions prior to 1.23.4

Backdrop versions 1.22 and prior do not receive security coverage.

Backdrop core - Moderately critical - Access bypass - BACKDROP-SA-CORE-2023-004

Date: 
Mar 15th, 2023
Security risk: 
Moderately Critical
Vulnerability: 
Access bypass

Backdrop provides a page that outputs information from phpinfo() to assist with diagnosing issues with PHP configuration.

If an attacker were able to achieve an XSS exploit against a privileged user, they may be able to use this page to access sensitive information that could be used to escalate the attack.

This vulnerability is mitigated by the fact that a separate, successful XSS exploit is required in order to exploit it.

Advisory ID: 
BACKDROP-SA-CORE-2023-004
Versions affected: 
  • Backdrop Core 1.24.x versions prior to 1.24.1
  • Backdrop Core 1.23.x versions prior to 1.23.2

Backdrop versions 1.22 and prior do not receive security coverage.

Borg - Critical - Cross Site Scripting - BACKDROP-SA-CONTRIB-2023-001

Date: 
Feb 15th, 2023
Security risk: 
Critical
Vulnerability: 
Cross Site Scripting

The borg theme does not sufficiently sanitize path arguments that are passed in via URL.

A CVE has been requested, and this page will be updated as soon as an official number has been issued.

Advisory ID: 
BACKDROP-SA-CONTRIB-2023-001
Versions affected: 
  • The borg theme versions prior to 1.x-1.1.19

CAS - Critical - Third Party Libraries - BACKDROP-SA-CONTRIB-2023-002

Date: 
Feb 15th, 2023
Security risk: 
Critical
Vulnerabilities: 
  • Access bypass
  • Third Party Libraries

Central Authentication Service (CAS) is a commonly used Single Sign-On protocol used by many universities and large organizations.

The module includes a copy of the phpCAS library, which is maintained by a third party. Previous versions of this library may allow an attacker to gain unauthorized access to a user account in Backdrop. This release both includes and supports an updated version of the library that addresses this issue.

For more information concerning the exploit, please visit the following URL: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64

Advisory ID: 
BACKDROP-SA-CONTRIB-2023-002
Versions affected: 
  • CAS module versions prior to 1.x-1.0.1

File (Field) Paths - Moderately critical - Access bypass - BACKDROP-SA-CONTRIB-2022-006

Date: 
Dec 15th, 2022
Security risk: 
Moderately Critical
Vulnerability: 
Access bypass

The File (Field) Paths module extends the default functionality of Backdrop's core File module by adding the ability to use entity-based tokens in destination paths and file names.

The module's default configuration could temporarily expose private files to anonymous visitors.

Important note: to fix the problem, database updates must be run in addition to updating the module.

It's possible to make a configuration change to mitigate this problem in the admin UI at /admin/config/media/file-system/filefield-paths: the temp file location should use either the temporary:// or private:// stream wrapper if uploaded files should not be exposed publicly.

This vulnerability is mitigated by the fact that an attacker must be able to guess the temporary path used for file upload.

Advisory ID: 
BACKDROP-SA-CONTRIB-2022-006
Versions affected: 
  • File (Field) Paths versions v1.x-1.0.1 and prior

Backdrop core - Moderately critical - Information Disclosure - BACKDROP-SA-CORE-2022-004

Date: 
Jul 20th, 2022
Security risk: 
Moderately Critical
Vulnerability: 
Information Disclosure

In some situations, the Image module does not correctly check access to image files that are not stored in the standard public files directory when generating derivative images using the image styles system.

Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

Some sites may require configuration changes following this security release. Review the Backdrop release notes if you have issues accessing files or image styles after updating.

Advisory ID: 
BACKDROP-SA-CORE-2022-004
Versions affected: 
  • Backdrop Core 1.22.x versions prior to 1.22.1
  • Backdrop Core 1.21.x versions prior to 1.21.6

Backdrop versions 1.20 and prior do not receive security coverage.

Backdrop core - Moderately critical - Third Party Libraries - BACKDROP-SA-CORE-2022-003

Date: 
Mar 16th, 2022
Security risk: 
Moderately Critical
Vulnerabilities: 
  • Cross Site Scripting
  • Third Party Libraries

The Backdrop project uses the CKEditor library for rich-text editing. CKEditor has released a security update that impacts Backdrop.

If a Backdrop site is configured to use CKEditor for rich-text editing, an attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities. Victims may be people who later edit that content using CKEditor, including site admins with privileged access.

For more information, see CKEditor's security advisories:

Advisory ID: 
BACKDROP-SA-CORE-2022-003
Versions affected: 
  • Backdrop Core 1.21.x versions prior to 1.21.4
  • Backdrop Core 1.20.x versions prior to 1.20.7

Backdrop versions 1.19 and prior do not receive security coverage.

Backdrop core - Moderately critical - Cross Site Scripting - BACKDROP-SA-CORE-2022-002

Date: 
Mar 2nd, 2022
Security risk: 
Moderately Critical
Vulnerability: 
Cross Site Scripting

Backdrop CMS doesn't sufficiently sanitize certain interface text when adding links to existing content.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create content (nodes), files, user accounts, taxonomy terms, views, or layouts.

Advisory ID: 
BACKDROP-SA-CORE-2022-002
Versions affected: 
  • Backdrop Core 1.21.x versions prior to 1.21.3
  • Backdrop Core 1.20.x versions prior to 1.20.6

Backdrop versions 1.19 and prior do not receive security coverage.

Navbar - Moderately critical - Cross Site Scripting - BACKDROP-SA-CONTRIB-2022-005

Date: 
Feb 21st, 2022
Security risk: 
Moderately Critical
Vulnerability: 
Cross Site Scripting

This module provides a very simple, mobile-friendly navigation toolbar.

The module doesn't sufficiently check for user-provided input.

This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default "Filtered HTML" format) that won't filter out the exploit code.

Advisory ID: 
BACKDROP-SA-CONTRIB-2022-005
Versions affected: 
  • Navbar versions prior to 1.x-1.8.0
