CVE-2024-13303

CVE-2024-13303: Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

Vendor Drupal
Product Download All Files
Weakness CWE-862 · Missing authorization
Published January 9, 2025
Last update January 10, 2025

CVSS base score

What the vulnerability does

01Description

Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated