CVE-2024-13253

Name of the Vulnerable Software and Affected Versions Drupal Advanced PWA inc Push Notifications versions 0.0.0 through 1.5.0

Description The issue is related to an incorrect authorization vulnerability in the Drupal Advanced PWA inc Push Notifications module, which allows for forceful browsing. This means that an attacker can bypass security restrictions and perform unauthorized actions. The vulnerability can be exploited remotely.

Recommendations For versions 0.0.0 through 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the module to minimize the risk of exploitation.