Salesforce Suite - Moderately critical - Access bypass - SA-CONTRIB-2018-078

Project: Salesforce SuiteDate: 2018-December-05Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables Drupal to synchronize entities with Salesforce records. The module includes a page that does not sufficiently protect access rights, resulting in potential information disclosure.
This vulnerability is mitigated by the fact that only Drupal entity title and IDs, and Salesforce record IDs are exposed. Entity content and metadata are appropriately protected. Disclosure of Salesforce ID does not confer any additional privileges.Solution: Install the latest version:

Also see the Salesforce Suite project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article