Date: Tuesday, Feb 23rd, 2016
Advisory ID: BACKDROP-SA-CORE-2016-001
Vulnerabilities: 
  • Access bypass
  • Open Redirect
  • Denial of Service
Versions affected: 
  • Backdrop Core 1.x versions prior to 1.3.3
Description: 

File upload access bypass and denial of service (File module - Moderately Critical)

A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted and processed. If an attacker carries out this attack continuously, all file uploads to a site could be blocked by deleting all temporary files before they can be saved.

This vulnerability is mitigated by the fact that the attacker must have permission to create content or comment and upload files as part of that process.

Open redirect via path manipulation (Base system - Moderately Critical)

The current path can be populated with an external URL, so code that redirects a user back to the current path can send them to an attacker-chosen site. This can lead to Open Redirect vulnerabilities.

This vulnerability is mitigated by the fact that it would only occur in combination with custom code, or in certain cases if a user submits a form shown on a 404 page with a specially crafted URL.
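As an added illustration of the kind of check that closes this class of bug (this is example code written for this page, not Backdrop's own code), the following rejects any "current path" that a browser would interpret as leaving the site before it is used as a redirect target. The function names, the fallback value and the sample inputs are assumptions; the normalisations applied first (dropping tab/newline, treating backslash as slash, ignoring leading control characters) are standard browser URL-parsing behaviours that a naive prefix check would miss.

```python
import re

# A path is treated as an absolute URL when a scheme (letters, digits,
# "+", "-", ".") is followed by a colon before any "/", "?" or "#".
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")

# Leading ASCII control characters and spaces are ignored by browsers.
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))


def is_external_path(path: str) -> bool:
    """True if `path`, used as a redirect target, would leave this site.

    Hypothetical helper (not a Backdrop API). It normalises the input the
    way browsers do before deciding, so obfuscated forms are caught too.
    """
    # Browsers strip tab and newline anywhere in a URL before parsing.
    p = re.sub(r"[\t\n\r]", "", path)
    # ...and ignore leading C0 controls and spaces.
    p = p.lstrip(_LEADING_JUNK)
    # In the authority position a backslash behaves like a forward slash,
    # so "/\evil.example" is really "//evil.example".
    p = p.replace("\\", "/")
    # Any scheme at all (http:, https:, javascript:, data:, mailto:) is
    # not an internal path.
    if _SCHEME_RE.match(p):
        return True
    # Scheme-relative URLs ("//host/...") inherit the current scheme but
    # still point at another host.
    if p.startswith("//"):
        return True
    return False


def safe_redirect_target(path: str, fallback: str = "<front>") -> str:
    """Return `path` if it is internal, otherwise the site-local fallback."""
    return fallback if is_external_path(path) else path


if __name__ == "__main__":
    # Constructed sample inputs, not values from the advisory.
    for sample in ("node/1", "/\\evil.example", "ht\ttp://evil.example"):
        print(repr(sample), "->", safe_redirect_target(sample))
```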

Solution: 

Upgrade your site to the latest version of Backdrop CMS. The download is available from the Backdrop CMS 1.3.3 release page. Update instructions are available at https://backdropcms.org/upgrade#from-previous-versions.

Reported By: 

File upload access bypass and denial of service:

Open redirect via path manipulation:

Fixed By: 

File upload access bypass and denial of service:

Open redirect via path manipulation:

Coordinated By: 

Security email list

Backdrop maintains a security mailing list. Whenever a security release comes out, an email will be sent to everyone subscribed to that list, announcing the new release. Please follow the steps below to join the Security email list.

  1. Log in to backdropcms.org
  2. Edit your profile
  3. Switch to the "Subscriptions" tab
  4. Check the box labeled "Security updates"
  5. Save the form