PT-2025-2090 · Unknown+1 · Drupal Cms+1
Greg Knaddison +3 · Published 2024-09-04 · Updated 2025-01-14
CVE-2024-13274
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Open Social versions 0.0.0 through 12.3.8
Open Social versions 12.4.0 through 12.4.5
Description
The issue is insufficient control over interaction frequency in the Open Social module for Drupal CMS, which allows functionality to be misused. A remote attacker can exploit this to cause a denial of service.
Recommendations
For Open Social versions 0.0.0 through 12.3.8, update to a version after 12.3.8 to resolve the issue.
For Open Social versions 12.4.0 through 12.4.5, update to a version after 12.4.5 to resolve the issue.
As a temporary workaround, consider restricting access to the password reset form to minimize the risk of exploitation.
Affected Products
Drupal Cms
Open Social