- Access bypass
- Open Redirect
- Denial of Service
- Backdrop Core 1.x versions prior to 1.3.3
File upload access bypass and denial of service (File module - Moderately Critical)
A vulnerability exists in the File module that allows a malicious user to view, delete or substitute the link to a file that a victim has uploaded to a form while that form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked, because every temporary file would be deleted before it can be saved.
This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.
Open redirect via path manipulation (Base system - Moderately Critical)
The current path can be populated with an external URL. This can lead to Open Redirect vulnerabilities.
This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL.
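The defender-side property a fix for this bug class must enforce is that an attacker-influenced "current path" is only ever used as a redirect destination if it is a path on the same site. The following is an added example in Python, not Backdrop's own code; the function names and the "/" fallback are assumptions for the illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Added example, not Backdrop's own code: decide whether a destination is a
# site-relative path before it is allowed into a Location header.
# Function names and the "/" fallback are assumptions for this illustration.

# Browsers strip leading/trailing C0 controls and spaces, and drop
# tab/CR/LF anywhere, before interpreting a URL; do the same first.
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def is_local_path(path: str) -> bool:
    """True only for site-relative destinations such as "/node/1".

    Rejects everything a browser would resolve to another origin:
    absolute URLs ("http://evil.example"), protocol-relative ones
    ("//evil.example"), backslash variants ("/\\evil.example") and
    scheme-prefixed values ("javascript:..."), including percent-encoded
    forms such as "%2F%2Fevil.example".
    """
    if not path:
        return False
    candidate = re.sub(r"[\t\r\n]", "", unquote(path)).strip(C0_AND_SPACE)
    # Browsers treat backslashes as slashes in the scheme/authority area.
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("//"):
        return False  # protocol-relative: //evil.example/...
    # A colon before the first "/", "?" or "#" makes the value a scheme,
    # whatever urlsplit() happens to decide ("evil.example:80/x", "data:...").
    if ":" in re.split(r"[/?#]", candidate, maxsplit=1)[0]:
        return False
    parts = urlsplit(candidate)
    return not parts.scheme and not parts.netloc


def safe_redirect_target(requested: str, fallback: str = "/") -> str:
    """Destination to emit: the requested path if local, else the fallback."""
    return requested if is_local_path(requested) else fallback


if __name__ == "__main__":
    # Constructed inputs covering the cases described above.
    for value in ["/node/1", "user/login?destination=/node/1",
                  "//evil.example/", "http://evil.example/",
                  "%2F%2Fevil.example", "/\\evil.example",
                  "javascript:alert(1)"]:
        print(f"{value!r:34} -> {safe_redirect_target(value)}")
```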
Upgrade your site to the latest version of Backdrop CMS. The download is available on the Backdrop CMS 1.3.3 release page, and update instructions are available at https://backdropcms.org/upgrade#from-previous-versions.
File upload access bypass and denial of service:
Open redirect via path manipulation:
- Francesco Placella
- Heine Deelstra of the Drupal Security Team
- Pere Orga of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team
File upload access bypass and denial of service:
- fnqgpc
- Nathaniel Catchpole of the Drupal Security Team
- Ben Dougherty of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Sascha Grossenbacher
- Gábor Hojtsy of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Klaus Purer of the Drupal Security Team
- David Rothstein of the Drupal Security Team
- Stefan Ruijsenaars, provisional member of the Drupal Security Team
- Cathy Theys, provisional member of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team
- Nate Haug of the Backdrop CMS Security Team
Open redirect via path manipulation:
- Nathaniel Catchpole of the Drupal Security Team
- Ben Dougherty of the Drupal Security Team
- Alan Evans
- Nate Haug of the Backdrop Security Team
- Gábor Hojtsy
- Heine Deelstra of the Drupal Security Team
- David Stoline of the Drupal Security Team
- Damien McKenna
- Pere Orga of the Drupal Security Team
- Francesco Placella
- Dave Reid
- David Rothstein of the Drupal Security Team
- Lee Rowlands
- David Snopek
- Cathy Theys, provisional member of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team
- The Drupal Security Team
- Cathy Theys, provisional member of the Drupal Security Team
- Nate Haug of the Backdrop CMS Security Team