Today > 6 Critical | 2 High | 10 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-13312

Jan. 9, 2025, 9:15 p.m.

Tags

CWE-862
mlhess@drupal.org
2025-01-09
CVE-2024-13312

Product(s) Impacted

Open Social

  • 11.8.0 - 12.3.10
  • 12.4.0 - 12.4.9

Description

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.

Weaknesses

CWE-862
Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

CWE ID: 862

Date

Published: Jan. 9, 2025, 9:15 p.m.

Last Modified: Jan. 9, 2025, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

mlhess@drupal.org

References

https://www.drupal.org/ mlhess@drupal.org