DRUPAL-SA-CONTRIB-2018-007

FileField Sources - Moderately critical - Access Bypass - SA-CONTRIB-2018-007

https://www.drupal.org/sa-contrib-2018-007

 

A very important advisory that was originally reported by me and after some back and forth with people outside of Drupal Security Team, having invitation by a member to the private issue (?), we've managed to push this fix out where my contribution got greatly appreciated by @mlhess naming me first time a Provisional Security Team Member.

 

First time being provisional member.

Also this module is currently the most installed one, having over 70k users out of the list where I've contributed as a security researcher.

We also use it in NextEuropa and it was evaluated as Low priority by NextEuropa Security Risk Metrics - in the meantime we released it ;-)