Francesco Sardara

**Name of the Vulnerable Software and Affected Versions** Drupal Block permissions versions 1.0.0 through 1.2.0 **Description** The issue is related to an incorrect authorization mechanism in the Block permissions module of the Drupal CMS system. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability enables forceful browsing. **Recommendations** For versions 1.0.0 through 1.2.0, update to a version that includes the fix for the incorrect authorization vulnerability to prevent forceful browsing. As a temporary workaround, consider restricting access to the Block permissions module until a patch is available.