What the vulnerability does
01Description
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.
CVSS base score
What the vulnerability does
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.
Explanation of Vulnerability in Simple Terms
Drupal Canvas module versions before 1.0.4 contain an authorization flaw that allows users to perform actions they should not be permitted to perform. The vulnerability stems from incorrect permission checks in the module's access control logic. Site administrators should update to version 1.0.4 or later to remediate this issue.
What an attacker can do
Perform actions or access resources that their user role should not permit.
Potential impact on your site
Users may bypass intended permission restrictions and access or modify content outside their role.
Conditions required to exploit
Attacker must have a user account on the site with some level of access.
Key dates
External resources
Related vulnerabilities