CVE-2024-13290

CVE-2024-13290: OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056

Vendor Drupal

Product OhDear Integration

Weakness CWE-863 · Incorrect authorization

Published January 9, 2025

Last update January 14, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.

Key dates

02Disclosure timeline

January 9, 2025 CVE published

January 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13290 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-33469 Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw CVE-2024-13947 External System or Configuration Control CVE-2020-1729 CVE-2025-3913 Team Privacy Settings Authorization Bypass in Mattermost Server CVE-2026-32914 OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints