Various views do not enforce any access control

Created on 7 October 2019, over 5 years ago
Updated 6 June 2023, almost 2 years ago

Various views provided by this project do not enforce any access control, including:

  • commerce_reports_customer_statistics
  • commerce_reports_sales_overview
  • commerce_reports_taxes

This can expose sensitive data such as revenue figures, taxes paid, etc.

🐛 Bug report

Status: Active

Version: 4.0

Component: Code

Created by: 🇺🇸 United States acrollet

  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
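
One way to audit exported view configuration for the problem reported above, as an added example that is not code from the commerce_reports project or the issue's author: it flags every display whose effective Views access plugin is `none`, including displays that inherit it from the default display. The sample export, its path and its permission name are constructed for illustration.

```python
# Constructed sample of an exported view; path and permission name are made up.
SAMPLE = """\
display:
  default:
    display_options:
      access:
        type: none
  page_1:
    display_options:
      path: admin/example/report
  page_2:
    display_options:
      access:
        type: perm
        options:
          perm: 'view example reports'
"""

def parse_mappings(text):
    """Minimal reader for nested `key: value` mappings; use a YAML parser on real exports."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) per open nesting level
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()
        parent, value = stack[-1][1], value.strip().strip("'\"")
        if value:
            parent[key] = value
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def unrestricted_displays(view):
    """Return ids of displays whose effective access plugin is `none`."""
    displays = view.get("display", {})
    default = displays.get("default", {}).get("display_options", {}).get("access", {})
    flagged = []
    for name, display in displays.items():
        # No own `access` block: the display inherits the default display's.
        access = display.get("display_options", {}).get("access", default)
        # Assumption: a missing access type counts as unrestricted.
        if access.get("type", "none") == "none":
            flagged.append(name)
    return flagged
```

On the sample, `unrestricted_displays(parse_mappings(SAMPLE))` reports `default` and `page_1`; `page_2` passes because it requires a permission.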
