Missing Authorization Vulnerability in Drupal Download All Files
CVE-2024-13303

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

A vulnerability in the Download All Files module for Drupal has been identified that allows unauthorized users to access and download files they should not have permission to view. This missing authorization issue could lead to unauthorized data exposure, enabling attackers to forcefully browse to restricted resources within the application. The vulnerability affects versions from 0.0.0 up to, but not including, 2.0.2, making an update essential for users of this module.

References

https://www.drupal.org/sa-contrib-2024-069

Timeline

Vulnerability published
Jan 9, 2025