DRUPAL-CONTRIB-2025-120

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/login_time_restriction/DRUPAL-CONTRIB-2025-120.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-120

Aliases

CVE-2025-13982

Published

2025-12-03T18:48:37Z

Modified

2025-12-10T23:41:32.665423Z

Summary

[none]

Details

This module enables you to apply time-based login restrictions and display related warning or logout confirmation pages.

The module doesn't sufficiently protect its confirmation routes from cross-site request forgery (CSRF), allowing the logout confirmation route to be triggered without user interaction.

References

https://www.drupal.org/sa-contrib-2025-120

Credits

- Pierre Rudloff (prudloff)
- - https://www.drupal.org/u/prudloff

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/login_time_restriction

Package

Name: drupal/login_time_restriction
Purl: pkg:composer/drupal/login_time_restriction

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.3

Database specific

{
    "constraint": "<1.0.3"
}

Database specific

affected_versions

"<1.0.3"