File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015

Project:

File Chooser Field

Date:

2023-May-17

Security risk:

Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:None/E:Exploit/TD:All

Vulnerability:

Server Side Request Forgery, Information Disclosure

Affected versions:

<1.13

Description:

The File Chooser Field allows users to upload files using 3rd party plugins such as Google Drive and Dropbox.

This module fails to validate user input sufficiently which could under certain circumstances lead to a Server Side Request Forgery (SSRF) vulnerability leading to Information Disclosure. In uncommon configurations and scenarios, it might lead to Remote Code Execution.

Solution:

If you use File Chooser Field version 7.x-1.x, Upgrade to 7.x-1.13

Reported By:

Drew Webber of the Drupal Security Team
George Hazlewood

Fixed By:

Drew Webber of the Drupal Security Team
aaron.ferris

Coordinated By:

Greg Knaddison of the Drupal Security Team

Contribution record

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Bluesky, or Mastodon or Linkedin.

Contributing organizations for this advisory

The security team is made up of volunteers around the world. The companies above have sponsored time on this release.

File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015

Contact and more information

Contributing organizations for this advisory

News items

Our community

Documentation

Drupal code base

Governance of community