CVE-2024-13276

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2024-040

Configurations

No configuration.

History

10 Jan 2025, 17:15

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de inserción de información confidencial en datos enviados en Drupal File Entity (archivos que se pueden clasificar en campos) permite una navegación forzada. Este problema afecta a File Entity (archivos que se pueden clasificar en campos): desde 7.X-* antes de 7.X-2.39.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

09 Jan 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-09 20:15

Updated : 2025-01-10 17:15

NVD link : CVE-2024-13276

Mitre link : CVE-2024-13276

CVE.ORG link : CVE-2024-13276

JSON object : View

Products Affected

No product.

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

7.5 /10