CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-13258: Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

Description

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13.

Classification

CVE ID: CVE-2024-13258

Affected Products

Vendor: Drupal

Product: Drupal REST & JSON API Authentication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-07 (when was this score calculated)

References

https://www.drupal.org/sa-contrib-2024-022

Timeline

2025-01-10 00:30:24 UTC
CVE

Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022