php · getkirby/cms · Heads-up
Kirby CMS: Missing authorization check in clean file redirects for top-level draft pages
What changed
A missing authorization check in the clean file redirects for top-level draft pages allowed unauthorized access to files stored in drafts.
Who it affects
Kirby CMS sites that have top-level draft pages with files and have `content.fileRedirects` enabled (Kirby 5) or at its default (Kirby 4).
What to do today
Update to Kirby 4.9.4 or 5.4.4 or later to fix the vulnerability.
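To check whether a given install meets the conditions above, the following triage script is an added example, not code from Kirby or from the advisory. It assumes Kirby's default content layout (top-level drafts under `content/_drafts/<slug>/`, content files ending in `.txt`); all function names are hypothetical, and release lines other than 4.x and 5.x are reported as `unknown` because the page gives no fixed version for them.

```python
import re
import tempfile
from pathlib import Path

FIXED = {4: (4, 9, 4), 5: (5, 4, 4)}  # fixed releases named in the advisory

def parse(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(map(int, m.groups())) if m else None

def is_patched(version):
    """True/False on the 4.x and 5.x lines, None where the advisory says nothing."""
    v = parse(version)
    return None if v is None or v[0] not in FIXED else v >= FIXED[v[0]]

def drafts_with_files(content_dir, content_ext="txt"):
    """Map each top-level draft (content/_drafts/<slug>) to the non-content files it holds."""
    found = {}
    for page in sorted(p for p in Path(content_dir).glob("_drafts/*") if p.is_dir()):
        files = sorted(f.name for f in page.iterdir()
                       if f.is_file() and f.suffix != f".{content_ext}")
        if files:
            found[page.name] = files
    return found

def triage(version, file_redirects_enabled, content_dir):
    """Return (verdict, drafts); verdict is patched, exposed, unpatched-unexposed or unknown."""
    patched, drafts = is_patched(version), drafts_with_files(content_dir)
    if patched is not False:
        return ("patched" if patched else "unknown"), drafts
    # Advisory: the redirects are the default on Kirby 4 and opt-in on Kirby 5.
    active = parse(version)[0] == 4 or bool(file_redirects_enabled)
    return ("exposed" if active and drafts else "unpatched-unexposed"), drafts

def build_sample_site(root):
    """Constructed sample: a top-level draft with a file, one without, and a nested draft."""
    for rel in ("_drafts/launch/page.txt", "_drafts/launch/plan.pdf", "_drafts/launch/plan.pdf.txt",
                "_drafts/notes/note.txt", "1_home/_drafts/child/a.pdf"):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(triage("5.4.3", True, site))
```

A verdict of `unpatched-unexposed` still calls for the update; it only means the redirects are off or no top-level draft currently holds a file.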