Incorrect Authorization Vulnerability in Drupal Commerce by Drupal
CVE-2024-13257

Currently unrated

Key Information:

Vendor: Drupal

CVE Published: 9 January 2025

What is CVE-2024-13257?

An incorrect authorization issue has been identified in Drupal Commerce's View Receipt component. This vulnerability allows attackers to perform forceful browsing, potentially accessing sensitive information and functionalities without proper permissions. The affected versions span from 0.0.0 up to, but not including, 1.0.3. Users are advised to upgrade to ensure protection against unauthorized access.

Timeline

  • Vulnerability published
