DRUPAL-CONTRIB-2019-067

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tablefield/DRUPAL-CONTRIB-2019-067.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2019-067
Published
2019-09-18T15:17:32Z
Modified
2025-12-10T23:33:49.827839Z
Summary
[none]
Details

This module allows you to attach tabular data to an entity.

There is insufficient access checking for users with the ability to "Export Tablefield Data as CSV". They can export data from unpublished nodes or otherwise inaccessible entities.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Export Tablefield Data as CSV".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/tablefield

Package

Name
drupal/tablefield
Purl
pkg:composer/drupal/tablefield

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.0
Database specific
{
    "constraint": "<2.1.0"
}

Database specific

affected_versions
"<2.1.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tablefield/DRUPAL-CONTRIB-2019-067.json"