- Backdrop Core 1.x versions prior to 1.0.2
Layout access bypass
The core Layout module incorrectly stores contextual information in a cache that may result in cached contexts being served in the wrong situations. This may result in blocks or layouts that are limited to a specific user role or permission being shown to non-privileged accounts. This vulnerability is mitigated by the fact that an administrator must have configured a layout or block must use contextual access control. By default, all blocks and layouts have no access restrictions.
Views open redirect vulnerability
The core Views UI module does not sanitize user provided URLs when processing the page to break the lock on Views being edited, thereby exposing a phishing attack vector. This vulnerability is mitigated by the fact that the Views UI submodule must be enabled.
Views access bypass vulnerability
The core Views module does not protect the default Views configurations sufficiently, thereby exposing possibly protected information to unprivileged users. This vulnerability is mitigated by the fact that it only affects sites that have not granted the common "access content" or "access comments" permission to untrusted users. Furthermore, these default views configurations are disabled by default and must be enabled by an administrator.