Incorrect Authorization Vulnerability in Drupal Basic HTTP Authentication
CVE-2024-13291

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

A security vulnerability in Drupal's Basic HTTP Authentication component allows attackers to exploit incorrect authorization mechanisms, potentially leading to forceful browsing. This affects versions 7.X-1.0 through 7.X-1.4, enabling unauthorized access to restricted resources. It is crucial for users to update to the patched versions to safeguard applications against this threat.

References

https://www.drupal.org/sa-contrib-2024-057

Timeline

Vulnerability published
Jan 9, 2025