CVE-2024-13270

CVE-2024-13270: Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034

Vendor Drupal

Product Freelinking

Weakness CWE-863 · Incorrect authorization

Published January 9, 2025

Last update January 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.

Key dates

02Disclosure timeline

January 9, 2025 CVE published

January 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13270 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access CVE-2023-6837 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation CVE-2026-0562 Insecure Direct Object Reference (IDOR) in parisneo/lollms CVE-2024-10219 Incorrect Authorization in GitLab CVE-2026-44557 Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection