Advisory ID: 
BACKDROP-SA-CONTRIB-2018-001
Vulnerability: 
Information Disclosure
Versions affected: 
  • FileField Sources module versions prior to 1.11.0
Description: 

This module enables you to upload files to fields via several sources.

The module doesn't sufficiently handle access control under the scenario of the autocomplete path of reference sources.

Solution: 

If you use the filefield_sources module and the provided "Reference Existing" source, upgrade to the latest version of the module, 1.11.0, from the project page or via the built-in project updater within Backdrop.

Reported By: 
Fixed By: 
Coordinated By: