PT-2025-2097 · Drupal · Drupal
Evgenii Nikitin +3 · Published 2024-10-09 · Updated 2025-01-10
CVE-2024-13282
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Drupal Block permissions versions 1.0.0 through 1.2.0
Description
The issue is an incorrect authorization mechanism in the Block permissions module for the Drupal CMS. It can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability enables forceful browsing.
Recommendations
For versions 1.0.0 through 1.2.0, update to a version that includes the fix for the incorrect authorization vulnerability to prevent forceful browsing.
As a temporary workaround, consider restricting access to the Block permissions module until a patch is available.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Drupal