TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067

Project: TableField
Version: 8.x-2.x-dev
Date: 2019-September-18
Security risk: Moderately critical 12∕25 
Vulnerability: Access bypass

Description

This module allows you to attach tabular data to an entity.

There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Export Tablefield Data as CSV".
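The flaw class described above, as an added illustration (not TableField's code and not its actual patch): a permission-only check next to one that also requires view access to the entity and the field. The class name, method names and permission machine name are hypothetical; the Drupal core calls are standard APIs.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\FieldableEntityInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Hypothetical access checks for a route that exports one table field as CSV.
 */
final class ExampleCsvExportAccess {

  // Placeholder machine name (assumption); the page gives only the label.
  const PERMISSION = 'example export tablefield csv';

  /**
   * Permission-only check: any holder of the permission can export from any
   * entity, including unpublished nodes they could not otherwise view.
   */
  public static function permissionOnly(AccountInterface $account) {
    return AccessResult::allowedIfHasPermission($account, self::PERMISSION);
  }

  /**
   * Hardened check: permission AND view access to the entity AND the field.
   */
  public static function permissionAndView(FieldableEntityInterface $entity, $field_name, AccountInterface $account) {
    $result = AccessResult::allowedIfHasPermission($account, self::PERMISSION);

    // Fail closed when the requested field is not on this entity.
    if (!$entity->hasField($field_name)) {
      return AccessResult::forbidden('Field not present on entity.');
    }

    // Passing TRUE returns an AccessResultInterface, so cache metadata from
    // the entity and field access checks is carried into the combined result.
    return $result
      ->andIf($entity->access('view', $account, TRUE))
      ->andIf($entity->get($field_name)->access('view', $account, TRUE));
  }

}
```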

Solution

Install the latest version:

If you use the Tablefield module for Drupal 8.x, upgrade to Tablefield 8.x-2.1.
Also see the TableField project page.

https://www.drupal.org/sa-contrib-2019-067

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, and bitcoins, but mostly Drupal and Backdrop. Has spent the last years actively developing AltaGrade's new back-end system.
