- Backdrop Core versions prior to 1.9.2
When using Backdrop's private file system, Backdrop will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability.
This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
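An added illustration (not Backdrop core code and not the fix shipped in 1.9.2) of the property this check needs when one module grants access and another denies it: an explicit deny wins no matter in which order the modules are consulted. The true/false/null vote convention, the function names, the sample module callbacks and the file URIs are assumptions constructed for this example.

```php
<?php
// Added illustration, not Backdrop core code. Assumed vote convention:
// true = grant, false = deny, null = no opinion.

/** Deny-overrides: any deny wins, and no grant at all means no access. */
function resolve_private_file_access(array $voters, string $uri, string $user): bool {
  $granted = false;
  foreach ($voters as $voter) {
    try {
      $vote = $voter($uri, $user);
    } catch (Throwable $e) {
      return false; // A failing access check must never open the file.
    }
    if ($vote === false) {
      return false; // An explicit deny ends evaluation immediately.
    }
    // Remember a grant, but keep asking the remaining modules.
    $granted = $granted || ($vote === true);
  }
  return $granted;
}

/** Yields every ordering of $items (expects a 0-indexed list). */
function permutations(array $items): Generator {
  if (count($items) <= 1) {
    yield $items;
    return;
  }
  foreach ($items as $i => $item) {
    $rest = $items;
    unset($rest[$i]);
    foreach (permutations(array_values($rest)) as $tail) {
      yield array_merge([$item], $tail);
    }
  }
}

// Constructed sample modules: one grants, one denies, one abstains.
$voters = [
  fn($uri, $user) => $user === 'editor' ? true : null,
  fn($uri, $user) => strpos($uri, 'private://hr/') === 0 ? false : null,
  fn($uri, $user) => null,
];
// Constructed cases: grant/deny conflict, grant only, nobody grants.
$cases = [
  ['private://hr/salaries.pdf', 'editor', false],
  ['private://docs/handbook.pdf', 'editor', true],
  ['private://docs/handbook.pdf', 'guest', false],
];
foreach (permutations($voters) as $order) {
  foreach ($cases as [$uri, $user, $expected]) {
    if (resolve_private_file_access($order, $uri, $user) !== $expected) {
      throw new RuntimeException("Order-dependent decision for $user on $uri");
    }
  }
}
echo "Deny-overrides holds for every module order\n";
```

Running the same three cases against a site's own combination of access-controlling modules, in every order, is a quick regression check for this class of conflict.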
Upgrade your site to the most recent version of Backdrop core. The download is available on the Backdrop CMS 1.9.2 release page. See the update instructions if needed.
- David Rothstein of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Jess of the Drupal Security Team
- Stefan Ruijsenaars of the Drupal Security Team
- Ken Rickard
- Nate Lampton of the Backdrop Security Team
- Jess of the Drupal Security Team
- Michael Hess of the Drupal Security Team
- Nate Lampton of the Backdrop Security Team