PT-2024-10348 · Drupal · Drupal Responsive/Off-Canvas Menu

Collinhaines +4 · Published 2024-08-21 · Updated 2025-08-27 · CVE-2024-13266

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Drupal Responsive and off-canvas menu versions 0.0.0 through 4.4.3

Description: The issue is an Incorrect Authorization vulnerability in the Drupal Responsive and off-canvas menu that allows Forceful Browsing: a remote attacker can bypass security restrictions and perform unauthorized actions.

Recommendations: For versions 0.0.0 through 4.4.3, update to version 4.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the menu module to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-00848
CVE-2024-13266
DRUPAL-CONTRIB-2024-030

Affected Products

Drupal Responsive/Off-Canvas Menu