This module enables Drupal to synchronize entities with Salesforce records. The module includes a page that does not sufficiently protect access rights, resulting in potential information disclosure.
This vulnerability is mitigated by the fact that only Drupal entity title and IDs, and Salesforce record IDs are exposed. Entity content and metadata are appropriately protected. Disclosure of Salesforce ID does not confer any additional privileges.
Install the latest version:
- If you use the Salesforce Suite module for Drupal 8.x, upgrade to Salesforce Suite 8.x-3.1
Also see the Salesforce Suite project page.
- Greg Knaddison of the Drupal Security Team