PT-2025-2095 · Drupal · Drupal Persistent Login

Drew Webber +3 · Published 2024-10-02 · Updated 2025-01-10 · CVE-2024-13280

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Drupal Persistent Login versions 0.0.0 through 1.8.0
Drupal Persistent Login versions 2.0.* through 2.2.2

Description

The issue is related to insufficient session expiration in the Drupal Persistent Login module, allowing for forceful browsing. This can impact the confidentiality, integrity, and availability of protected information.

Recommendations

For versions 0.0.0 through 1.8.0, update to version 1.8.0 or later.
For versions 2.0.* through 2.2.2, update to version 2.2.2 or later.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

BDU:2025-01217
CVE-2024-13280
DRUPAL-CONTRIB-2024-044

Affected Products

Drupal Persistent Login