PT-2024-9380 · Drupal · Drupal Core
Benji Fisher +5 · Published 2024-11-20 · Updated 2025-06-03 · CVE-2024-55634
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
Drupal Core versions 8.0.0 through 10.2.11
Drupal Core versions 10.3.0 through 10.3.9
Drupal Core versions 11.0.0 through 11.0.8
Description:
A vulnerability in Drupal Core allows privilege escalation. This issue is related to inconsistencies in uniqueness checking for certain user fields, depending on the database engine and its collation, which may lead to data integrity issues.
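The collation dependence described above can be reproduced and audited with the sketch below. It is an added example, not Drupal code or part of the advisory. SQLite stands in for the database engine, and the column names `name` and `mail`, the sample rows and the `fold()` normalization are assumptions.

```python
import sqlite3
import unicodedata
from collections import defaultdict

# Constructed sample rows (uid, name, mail); not data from any real site.
SAMPLE_USERS = [
    (1, "admin", "admin@example.com"),
    (2, "Admin", "other@example.com"),
    (3, "renée", "renee@example.com"),
    (4, "renee", "r2@example.com"),
    (5, "carol", "Carol@Example.com"),
    (6, "dave", "carol@example.com"),
]

def accepted_rows(collation, rows=SAMPLE_USERS):
    """Insert rows into a table whose UNIQUE columns use `collation`
    and return the uids the engine accepted."""
    if collation not in ("BINARY", "NOCASE"):  # SQLite built-ins only
        raise ValueError("unsupported collation")
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (uid INTEGER PRIMARY KEY, "
        f"name TEXT COLLATE {collation} UNIQUE, "
        f"mail TEXT COLLATE {collation} UNIQUE)"
    )
    ok = []
    for row in rows:
        try:
            db.execute("INSERT INTO users VALUES (?, ?, ?)", row)
            ok.append(row[0])
        except sqlite3.IntegrityError:
            pass  # this collation treated the value as a duplicate
    return ok

def fold(value):
    """Assumed comparison key: case-fold, then strip combining accents."""
    decomposed = unicodedata.normalize("NFKD", value.casefold())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def colliding_groups(rows=SAMPLE_USERS):
    """Return {(field, key): [uids]} for values that are distinct as
    stored but equal under fold()."""
    seen = defaultdict(list)
    for uid, name, mail in rows:
        seen[("name", fold(name))].append(uid)
        seen[("mail", fold(mail))].append(uid)
    return {k: v for k, v in seen.items() if len(v) > 1}
```

Running `colliding_groups()` over an export of a site's user table lists accounts that a stricter collation would have rejected, which is the data to review alongside the update.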
Recommendations:
For Drupal Core versions 8.0.0 through 10.2.11, update to a version after 10.2.11.
For Drupal Core versions 10.3.0 through 10.3.9, update to a version after 10.3.9.
For Drupal Core versions 11.0.0 through 11.0.8, update to a version after 11.0.8.
Fix
Improper Authentication
Related Identifiers
Affected Products
Drupal Core