DRUPAL-CONTRIB-2024-025

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/acquia_dam/DRUPAL-CONTRIB-2024-025.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-025

Aliases

CVE-2024-13261

Published

2024-06-05T16:45:02Z

Modified

2025-12-10T23:41:29.536987Z

Summary

[none]

Details

Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance.

The module doesn't sufficiently protect the ability to disconnect a site from DAM. While disconnected sites do not lose asset data in Drupal, it will prevent site editors from accessing the DAM until a site administrator re-authenticates the site. Some uncached media images may also fail to be fetched while disconnected.

References

https://www.drupal.org/sa-contrib-2024-025

Credits

- Matt Glaman
- - https://www.drupal.org/user/2416470

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/acquia_dam

Package

Name: drupal/acquia_dam
Purl: pkg:composer/drupal/acquia_dam

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.13

Database specific

{
    "constraint": "<1.0.13"
}

Type

ECOSYSTEM

Events

Introduced

1.1.0-beta1

Fixed

1.1.0-beta3

Database specific

{
    "constraint": ">=1.1.0-beta1 <1.1.0-beta3"
}

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/acquia_dam/DRUPAL-CONTRIB-2024-025.json"

affected_versions

"<1.0.13 || >=1.1.0-beta1 <1.1.0-beta3"

patched

true