Improper Access Control in Drupal Open Social by Drupal
CVE-2024-13240

Currently unrated

Key Information:

Vendor: Drupal
Status: Open Social
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-13240?

An improper access control vulnerability in Drupal's Open Social platform allows unauthorized data collection from common resource locations. This flaw primarily affects versions of Open Social prior to 12.05, potentially exposing sensitive information to malicious actors. Website administrators should take immediate action to update to a secure version and mitigate the risk of data leakage.

References

https://www.drupal.org/sa-contrib-2024-004

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025