Drupal · Drupal Basic HTTP Authentication · CVE-2024-13291
**Name of the Vulnerable Software and Affected Versions**
Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3
Drupal Basic HTTP Authentication versions prior to 7.X-1.4
**Description**
The Basic HTTP Authentication module for the Drupal CMS has insufficient authorization mechanisms. This allows a remote attacker to bypass existing security restrictions, enabling forceful browsing.
**Recommendations**
For versions 7.X-1.0 through 7.X-1.3, update to version 7.X-1.4 or later to resolve the issue.
For versions prior to 7.X-1.4, update to version 7.X-1.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Basic HTTP Authentication module until the update can be applied.