PT-2025-13845 · Drupal · Drupal Authenticator Login

Ahmed Raza

+2

·

Publicado

2025-03-31

·

Atualizado

2025-06-03

·

CVE-2025-31681

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Drupal Authenticator Login versions 0.0.0 through 2.0.5
Description The issue is related to a Missing Authorization vulnerability in Drupal Authenticator Login, which allows Forceful Browsing.
Recommendations For versions 0.0.0 through 2.0.5, update to version 2.0.6 or later to resolve the issue.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2025-31681
DRUPAL-CONTRIB-2025-009
GHSA-JWPX-6C4P-Q4JQ

Produtos afetados

Drupal Authenticator Login