DRUPAL-CONTRIB-2024-022

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/rest_api_authentication/DRUPAL-CONTRIB-2024-022.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-022

Aliases

CVE-2024-13258

Published

2024-05-29T16:44:55Z

Modified

2025-12-10T23:41:27.927944Z

Summary

[none]

Details

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider Authentication, etc.

The module doesn't sufficiently control user access when using Basic Authentication.

References

https://www.drupal.org/sa-contrib-2024-022

Credits

- Arek Suchecki
- - https://www.drupal.org/user/3553379

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/rest_api_authentication

Package

Name: drupal/rest_api_authentication
Purl: pkg:composer/drupal/rest_api_authentication

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.0.13

Database specific

{
    "constraint": "<2.0.13"
}

Database specific

affected_versions

"<2.0.13"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/rest_api_authentication/DRUPAL-CONTRIB-2024-022.json"