CVE-2024-13291

Name of the Vulnerable Software and Affected Versions Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3 Drupal Basic HTTP Authentication versions prior to 7.X-1.4

Description The issue is related to insufficient authorization mechanisms in the Basic HTTP Authentication module of the Drupal CMS system. This allows a remote attacker to bypass existing security restrictions, enabling forceful browsing.

Recommendations For versions 7.X-1.0 through 7.X-1.3, update to version 7.X-1.4 or later to resolve the issue. For versions prior to 7.X-1.4, update to version 7.X-1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Basic HTTP Authentication module until a patch is available.