Vulnerability-Lookup

Vulnerability from drupal

Published

2024-02-21 16:58

Modified

2025-02-20 18:36

Summary

Details

This module provides an alternative mean of rebuilding the Content Access table.

The module doesn't sufficiently reset the state of content access when the module is uninstalled.

Credits

Pierre Rudloff www.drupal.org/user/3611858

References

URL

Type

https://www.drupal.org/sa-contrib-2024-010

WEB

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c2.0.2"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/node_access_rebuild_progressive"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c2.0.2"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [
    "CVE-2024-13246"
  ],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/3611858"
      ],
      "name": "Pierre Rudloff"
    }
  ],
  "details": "This module provides an alternative mean of rebuilding the Content Access table.\n\nThe module doesn\u0027t sufficiently reset the state of content access when the module is uninstalled.",
  "id": "DRUPAL-CONTRIB-2024-010",
  "modified": "2025-02-20T18:36:16.000Z",
  "published": "2024-02-21T16:58:11.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-010"
    }
  ],
  "schema_version": "1.7.0"
}

CVE-2024-13246 (GCVE-0-2024-13246)

Vulnerability from cvelistv5 – Published: 2025-01-09 18:52 – Updated: 2025-01-10 19:34

Title

Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010

Summary

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-282 - Improper Ownership Management

Assigner

drupal

References

1 reference

URL	Tags
https://www.drupal.org/sa-contrib-2024-010

Impacted products

1 product

Vendor	Product	Version
Drupal	Node Access Rebuild Progressive	Affected: 0.0.0 , < 2.0.2 (semver)

Date Public

2024-02-21 16:58

Credits

Pierre Rudloff Pierre Rudloff Shelane French Greg Knaddison Damien McKenna

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T19:33:29.176989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T19:34:34.972Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/node_access_rebuild_progressive",
          "defaultStatus": "unaffected",
          "product": "Node Access Rebuild Progressive",
          "repo": "https://git.drupalcode.org/project/node_access_rebuild_progressive",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "2.0.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Rudloff"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Pierre Rudloff"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Shelane French"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Damien McKenna"
        }
      ],
      "datePublic": "2024-02-21T16:58:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.\u003cp\u003eThis issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-425",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-425 Target Influence via Framing"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-282",
              "description": "CWE-282 Improper Ownership Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T18:52:31.142Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-010"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13246",
    "datePublished": "2025-01-09T18:52:31.142Z",
    "dateReserved": "2025-01-09T18:27:08.198Z",
    "dateUpdated": "2025-01-10T19:34:34.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from drupal

CVE-2024-13246 (GCVE-0-2024-13246)

Tags

Sightings

Nomenclature