Vulnerability Details: CVE-2024-13274

Summary
Assigner: drupal
Assigner Org ID: 2c85b837-eb8b-40ed-9d74-228c62987387
Published At: 09 Jan, 2025 | 19:27
Updated At: 14 Jan, 2025 | 17:08
Rejected At:

Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: drupal
Assigner Org ID: 2c85b837-eb8b-40ed-9d74-228c62987387
Published At: 09 Jan, 2025 | 19:27
Updated At: 14 Jan, 2025 | 17:08
Rejected At:
CVE Numbering Authority (CNA)
Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.

Affected Products
Vendor: The Drupal Association / Drupal
Product: Open Social
Collection URL: https://www.drupal.org/project/social
Repo: https://git.drupalcode.org/project/social
Default Status: unaffected
Versions
Affected
  • From 0.0.0 before 12.3.8 (semver)
  • From 12.4.0 before 12.4.5 (semver)
Problem Types
Type: CWE
CWE ID: CWE-799
Description: CWE-799 Improper Control of Interaction Frequency
Impacts
CAPEC ID: CAPEC-212
Description: CAPEC-212 Functionality Misuse
Credits
finder: vnech
remediation developer: Ronald te Brake
remediation developer: vnech
coordinator: Greg Knaddison
coordinator: Juraj Nemec
coordinator: Heine Deelstra
References
Hyperlink: https://www.drupal.org/sa-contrib-2024-038
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
National Vulnerability Database (NVD)
nvd.nist.gov
Source: mlhess@drupal.org
Published At: 09 Jan, 2025 | 20:15
Updated At: 14 Jan, 2025 | 17:15

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weaknesses
CWE ID: CWE-799
Type: Secondary
Source: mlhess@drupal.org
References
Hyperlink: https://www.drupal.org/sa-contrib-2024-038
Source: mlhess@drupal.org
Resource: N/A

Similar CVEs

6 Records found

CVE-2024-13275
Matching Score: 8
Assigner: Drupal.org
CVSS Score: 5.3 | MEDIUM
EPSS: 0.14% / 33.22%
7 Day CHG: ~0.00%
Published: 09 Jan, 2025 | 19:27
Updated: 02 Sep, 2025 | 18:29
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3.

Action: Not Available
Vendor: security_kit_project / The Drupal Association
Product: security_kit / Security Kit
CWE ID: CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2025-13080
Matching Score: 8
Assigner: Drupal.org
CVSS Score: 5.3 | MEDIUM
EPSS: 0.08% / 23.36%
7 Day CHG: ~0.00%
Published: 18 Nov, 2025 | 16:54
Updated: 24 Nov, 2025 | 17:43
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

Action: Not Available
Vendor: The Drupal Association
Product: drupal / Drupal core
CWE ID: CWE-754
Improper Check for Unusual or Exceptional Conditions

CVE-2025-10929
Matching Score: 8
Assigner: Drupal.org
CVSS Score: 5.3 | MEDIUM
EPSS: 0.16% / 36.90%
7 Day CHG: +0.04%
Published: 29 Oct, 2025 | 23:14
Updated: 12 Dec, 2025 | 17:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.

Action: Not Available
Vendor: reverse_proxy_header_project / The Drupal Association
Product: reverse_proxy_header / Reverse Proxy Header
CWE ID: CWE-1288
Improper Validation of Consistency within Input

CVE-2021-37910
Matching Score: 4
Assigner: TWCERT/CC
CVSS Score: 3.7 | LOW
EPSS: 3.30% / 86.99%
7 Day CHG: ~0.00%
Published: 12 Nov, 2021 | 01:40
Updated: 16 Sep, 2024 | 19:05
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication

ASUS routers' Wi-Fi Protected Access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability: an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

Action: Not Available
Vendor: ASUS (ASUSTeK Computer Inc.)
Product: rt-ax55_firmware / rt-ax3000 / tuf-ax3000_firmware / rt-ax3000_firmware / rt-ax58u_firmware / gt-axe11000_firmware / rt-ax58u / gt-axe11000 / rt-ax55 / tuf-ax3000 / RT-AX3000 / RT-AX55 / RT-AX58U / TUF-AX3000 / GT-AXE11000
CWE ID: CWE-799
Improper Control of Interaction Frequency

CVE-2023-2758
Matching Score: 4
Assigner: Tenable Network Security, Inc.
CVSS Score: 3.7 | LOW
EPSS: 0.26% / 49.21%
7 Day CHG: +0.05%
Published: 31 May, 2023 | 14:09
Updated: 09 Jan, 2025 | 20:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.

Action: Not Available
Vendor: contec / Contec
Product: conprosys_hmi_system / CONPROSYS HMI System
CWE ID: CWE-799
Improper Control of Interaction Frequency

CVE-2025-13211
Matching Score: 4
Assigner: IBM Corporation
CVSS Score: 5.3 | MEDIUM
EPSS: 0.06% / 19.32%
7 Day CHG: ~0.00%
Published: 11 Dec, 2025 | 19:45
Updated: 15 Dec, 2025 | 19:04
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
IBM Aspera Orchestrator Denial of Service

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

Action: Not Available
Vendor: IBM Corporation / Linux Kernel Organization, Inc
Product: aspera_orchestrator / linux_kernel / Aspera Orchestrator
CWE ID: CWE-799
Improper Control of Interaction Frequency