TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067
Project: TableField
Version: 8.x-2.x-dev
Date: 2019-September-18
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass
Description
This module allows you to attach tabular data to an entity.
There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.