Improper Ownership Management in Drupal Node Access Rebuild Progressive
CVE-2024-13249

Currently unrated

Key Information:

Vendor: Drupal
Status: Node Access Rebuild Progressive
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-13249?

An Improper Ownership Management vulnerability exists in Drupal's Node Access Rebuild Progressive module, enabling attackers to manipulate permissions through improper handling of ownership claims. This flaw can lead to target influence via framing, potentially allowing unauthorized users to gain access to sensitive data or functionality. The issue is present in versions from 7.X-1.0 before 7.X-1.2, posing a risk to websites using this module.

References

https://www.drupal.org/sa-contrib-2024-013

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025