Localgov Workflows
Monthly
Missing authorization in the Drupal LocalGov Workflows contrib module (all versions 0.0.0 through 1.6.0, fixed in 1.6.0) lets remote attackers reach protected workflow-related routes through forceful browsing without proper permission checks. The flaw carries a vendor CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis. Affected sites are Drupal deployments running this LocalGov Drupal editorial-workflow module.
Missing authorization in the Drupal LocalGov Workflows contrib module (all versions 0.0.0 through 1.6.0, fixed in 1.6.0) lets remote attackers reach protected workflow-related routes through forceful browsing without proper permission checks. The flaw carries a vendor CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis. Affected sites are Drupal deployments running this LocalGov Drupal editorial-workflow module.