SS-2015-023: Advanced workflow member field exposure
- Severity:
- Low (?)
- Identifier:
- SS-2015-023
- Versions Affected:
- 3.2.1 and below
- Versions Fixed:
- 3.2.3
- Release Date:
- 2015-11-23
By default, the CMS Admin editable template for the NotifyUsers action has access to a large number of fields, including (for instance) Member#Password. This would allow a malicious CMS Admin to extract other admin passwords by adding a template emailing these fields to themselves when other admins trigger the workflow.
A new configuration option `NotifyUsersWorkflowAction.whitelist_template_variables` has been added. When this option is set to true via the Config API then only member fields specified via Member.summary_fields may be accessed.
