Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13272

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-09 Jan, 2025 | 19:20
Updated At-14 Jan, 2025 | 17:06
Rejected At-
Credits

Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:09 Jan, 2025 | 19:20
Updated At:14 Jan, 2025 | 17:06
Rejected At:
▼CVE Numbering Authority (CNA)
Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Paragraphs table
Collection URL
https://www.drupal.org/project/paragraphs_table
Repo
https://git.drupalcode.org/project/paragraphs_table
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.23.0 (semver)
  • From 2.0.0 before 2.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1220CWE-1220 Insufficient Granularity of Access Control
Type: CWE
CWE ID: CWE-1220
Description: CWE-1220 Insufficient Granularity of Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-148CAPEC-148 Content Spoofing
CAPEC ID: CAPEC-148
Description: CAPEC-148 Content Spoofing
Solutions
Configurations
Workarounds
Exploits
Credits
finder
James Williams
remediation developer
James Williams
remediation developer
NGUYEN Bao
remediation developer
Steven Jones
remediation developer
Joseph Olstad
coordinator
Greg Knaddison
coordinator
Jess
coordinator
Juraj Nemec
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2024-036
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2024-036
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:09 Jan, 2025 | 20:15
Updated At:27 Aug, 2025 | 19:23

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CPE Matches
paragraphs_table_project
paragraphs_table_project
>>paragraphs_table>>Versions before 1.23.0(exclusive)
cpe:2.3:a:paragraphs_table_project:paragraphs_table:*:*:*:*:*:drupal:*:*
paragraphs_table_project
paragraphs_table_project
>>paragraphs_table>>Versions from 2.0.0(inclusive) to 2.0.2(exclusive)
cpe:2.3:a:paragraphs_table_project:paragraphs_table:*:*:*:*:*:drupal:*:*
Weaknesses
CWE IDTypeSource
CWE-1220Secondarymlhess@drupal.org
CWE ID: CWE-1220
Type: Secondary
Source: mlhess@drupal.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2024-036mlhess@drupal.org
Third Party Advisory
Hyperlink: https://www.drupal.org/sa-contrib-2024-036
Source: mlhess@drupal.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2024-13256
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:03
Updated-04 Jun, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.

Action-Not Available
Vendor-email_contact_projectThe Drupal Association
Product-email_contactEmail Contact
CWE ID-CWE-1220
Insufficient Granularity of Access Control
Details not found