Drupal Layout Builder Advanced Permissions Missing Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

A missing authorization vulnerability has been identified in the Drupal Layout Builder Advanced Permissions module, in versions prior to 2.2.0. The vulnerability permits access bypass through forceful browsing. It arises because the module does not adequately control access for adding sections in the submodule, potentially allowing users to manipulate layouts beyond their intended permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of layout permissions, allowing users to bypass restrictions and modify content layouts they should not have access to.

Remediation

Users of the Layout Builder Advanced Permissions module should upgrade to version 2.2.1.

Added: Aug 15, 2025, 5:17 PM
Updated: Aug 15, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.