Drupal Acquia DAM Missing Authorization Vulnerability Allowing Forceful Browsing

Vulnerability

A missing authorization vulnerability has been identified in Drupal Acquia DAM versions prior to 1.1.5. The flaw permits forceful browsing: an access bypass exposes a list of the DAM assets currently synced to the website. The issue arises because the module does not adequately validate authorization for these assets, potentially leading to unauthorized access.

Impact

Exploitation of this vulnerability bypasses access controls, allowing unauthorized users to view DAM assets they should not have access to.

Remediation

Users can upgrade to Acquia DAM version 1.1.5 or later, which automatically adjusts view permissions to align with the 'access media overview' permission. For sites that cannot update, the issue can be mitigated by manually restricting access on three views: Acquia DAM Asset Library, Acquia DAM links, and DAM Content Overview.
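
The following check for the manual mitigation is an added example, not code from the advisory or from the Acquia DAM module. It assumes each view's configuration has been exported and converted to JSON, that views are matched by the labels given above, and that the manual restriction uses the same 'access media overview' permission the fix applies; the function names and sample data are constructed.

```python
import json

# View labels and the permission name come from the advisory text.
TARGET_LABELS = {"Acquia DAM Asset Library", "Acquia DAM links", "DAM Content Overview"}
EXPECTED_PERM = "access media overview"

def audit_view(view):
    """Return {display_id: status} for one exported view configuration dict."""
    displays = view.get("display", {})
    inherited = displays.get("default", {}).get("display_options", {}).get("access")
    statuses = {}
    for display_id, display in displays.items():
        # Simplification: a display with its own "access" block overrides the default.
        access = display.get("display_options", {}).get("access") or inherited or {}
        kind = access.get("type", "none")
        if kind == "none":
            statuses[display_id] = "unrestricted"
        elif kind == "perm" and (access.get("options") or {}).get("perm") == EXPECTED_PERM:
            statuses[display_id] = "ok"
        else:
            statuses[display_id] = "review"  # restricted, but by something else
    return statuses

def audit(views):
    """Audit the three views named in the advisory; {} means not in the export."""
    report = {label: {} for label in TARGET_LABELS}
    for view in views:
        if view.get("label") in TARGET_LABELS:
            report[view["label"]] = audit_view(view)
    return report

# Constructed sample export, not real site configuration.
SAMPLE = json.loads("""[
 {"label": "Acquia DAM Asset Library", "display": {
   "default": {"display_options": {"access": {"type": "perm",
                "options": {"perm": "access media overview"}}}},
   "page_1": {"display_options": {}}}},
 {"label": "Acquia DAM links", "display": {
   "default": {"display_options": {"access": {"type": "none", "options": {}}}}}},
 {"label": "DAM Content Overview", "display": {
   "default": {"display_options": {"access": {"type": "perm",
                "options": {"perm": "access media overview"}}}},
   "page_1": {"display_options": {"access": {"type": "perm",
                "options": {"perm": "access content"}}}}}},
 {"label": "Frontpage", "display": {"default": {"display_options": {}}}}
]""")

if __name__ == "__main__":
    for label, statuses in sorted(audit(SAMPLE).items()):
        print(label, statuses or "not found in export")
```

A display reported as "unrestricted" or "review" is one whose access setting should be inspected by hand; an empty result means the view was not in the export.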

Added: Oct 30, 2025, 12:17 AM
Updated: Oct 30, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.