Advisory ID: 
BACKDROP-SA-CONTRIB-2018-001
Vulnerability: 
Information Disclosure
Versions affected: 
  • FileField Sources module versions prior to 1.11.0

This module enables you to upload files to fields via several sources.

The module doesn't sufficiently handle access control under the scenario of the autocomplete path of reference sources.

Solution: 

If you use the filefield_sources module and the provided "Reference Existing" source, upgrade to the latest version of the module, 1.11.0, from the project page or via the built-in project updater within Backdrop.

Reported By: 
Fixed By: 
Coordinated By: