Date: 
2018-December-05
Vulnerability: 
Access bypass
Affected versions: 
<3.1.0
Description: 

This module enables Drupal to synchronize entities with Salesforce records. The module includes a page that does not sufficiently protect access rights, resulting in potential information disclosure.

This vulnerability is mitigated by the fact that only Drupal entity title and IDs, and Salesforce record IDs are exposed. Entity content and metadata are appropriately protected. Disclosure of Salesforce ID does not confer any additional privileges.

Solution: 

Install the latest version:

Also see the Salesforce Suite project page.

Reported By: 
Coordinated By: