DRUPAL-CONTRIB-2024-056

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ohdear_integration/DRUPAL-CONTRIB-2024-056.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-056
Aliases
  • CVE-2024-13290
Published
2024-10-30T17:11:24Z
Modified
2025-12-10T23:41:30.308172Z
Summary
[none]
Details

Integrates your Drupal website with the Oh Dear monitoring app.

Cached data of monitoring results is accessible to non-logged-in users when caching is enabled on the module.

This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for the OhDear report healthcheck endpoint. Caching is not enabled by default and there is no UI option to enable it; it has to be done directly in ohdear_integration.settings.yml.


Affected packages

Packagist:https://packages.drupal.org/8 / drupal/ohdear_integration

Package

Name
drupal/ohdear_integration
Purl
pkg:composer/drupal/ohdear_integration

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.4
Database specific
{
    "constraint": "<2.0.4"
}

Database specific

affected_versions
"<2.0.4"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/ohdear_integration/DRUPAL-CONTRIB-2024-056.json"