CVE-2024-13276

CVE-2024-13276: File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040

Vendor Drupal
Product File Entity (fieldable files)
Weakness CWE-201
Published January 9, 2025
Last update January 10, 2025

CVSS base score

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated