PT-2024-10090 · Drupal · Drupal Private Content
Adam Shepherd +3
Published 2024-02-28 · Updated 2025-01-10 · CVE-2024-13248
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Drupal Private content versions 0.0.0 through 2.1.0
Description
The Private content module for the Drupal CMS contains an incorrect privilege assignment that allows a remote attacker to bypass security restrictions and gain unauthorized access to protected information. The attack is carried out through framing, which enables target influence.
Recommendations
For versions 0.0.0 through 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Private content module to minimize the risk of exploitation.
Fix
Incorrect Privilege Assignment
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Private Content