Drupal Advanced PWA Push Notifications Incorrect Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

A vulnerability allowing incorrect authorization has been identified in the Drupal Advanced PWA Push Notifications module, versions prior to 1.5.0. This issue enables forceful browsing by improperly managing user permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to certain resources or functionalities, allowing users to bypass restrictions and potentially manipulate or view data they should not have access to.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Advanced PWA Push Notifications Incorrect Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating