CVE-2024-13272 - Vulnerability Details - OpenCVE

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.drupal.org/sa-contrib-2024-036

History

Thu, 09 Jan 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.
Title		Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
Weaknesses		CWE-1220
References		https://www.drupal.org/sa-contrib-2024-036

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2025-01-09T19:20:41.907Z

Updated: 2025-01-09T19:20:41.907Z

Reserved: 2025-01-09T18:28:07.546Z

Link: CVE-2024-13272

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-09T20:15:36.027

Modified: 2025-01-09T20:15:36.027

Link: CVE-2024-13272

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13272", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-01-09T18:28:07.546Z", "datePublished": "2025-01-09T19:20:41.907Z", "dateUpdated": "2025-01-09T19:20:41.907Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/paragraphs_table", "defaultStatus": "unaffected", "product": "Paragraphs table", "repo": "https://git.drupalcode.org/project/paragraphs_table", "vendor": "Drupal", "versions": [{"lessThan": "1.23.0", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "2.0.2", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "James Williams"}, {"lang": "en", "type": "remediation developer", "value": "James Williams"}, {"lang": "en", "type": "remediation developer", "value": "NGUYEN Bao"}, {"lang": "en", "type": "remediation developer", "value": "Steven Jones"}, {"lang": "en", "type": "remediation developer", "value": "Joseph Olstad"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison"}, {"lang": "en", "type": "coordinator", "value": "Jess"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec"}], "datePublic": "2024-09-04T15:42:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.<p>This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.</p>"}], "value": "Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2."}], "impacts": [{"capecId": "CAPEC-148", "descriptions": [{"lang": "en", "value": "CAPEC-148 Content Spoofing"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "CWE-1220 Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-01-09T19:20:41.907Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2024-036"}], "source": {"discovery": "UNKNOWN"}, "title": "Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}