PT-2024-10099 · Drupal · Drupal Registration Role

Benjamin Melançon +5 · Published 2024-03-06 · Updated 2025-01-10 · CVE-2024-13251

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Drupal Registration role versions 0.0.0 through 2.0.0

Description

The issue is related to an Incorrect Privilege Assignment vulnerability in the Drupal Registration role, which allows for Privilege Escalation. This vulnerability can be exploited by a remote attacker to bypass security restrictions and elevate their privileges.

Recommendations

For versions 0.0.0 through 2.0.0, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Registration role to minimize the risk of exploitation.

Fix

LPE

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

BDU:2025-00290
CVE-2024-13251
DRUPAL-CONTRIB-2024-015

Affected Products

Drupal Registration Role