TableField - Moderately critical - Access bypass - SA-CONTRIB-2019-067

Project: TableFieldVersion: 8.x-2.x-devDate: 2019-September-18Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module allows you to attach tabular data to an entity.
There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Export Tablefield Data as CSV".Solution: Install the latest version:

Also see the TableField project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article