Today > 6 Critical | 2 High | 10 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-13272

Jan. 9, 2025, 8:15 p.m.

Tags

CWE-1220
mlhess@drupal.org
2025-01-09
CVE-2024-13272

Product(s) Impacted

Drupal

  • 0.0.0 - 1.23.0
  • 2.0.0 - 2.0.2

Description

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

Weaknesses

CWE-1220
Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

CWE ID: 1220

Date

Published: Jan. 9, 2025, 8:15 p.m.

Last Modified: Jan. 9, 2025, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

mlhess@drupal.org

References

https://www.drupal.org/ mlhess@drupal.org