CVE-2024-13309
EPSS 0.25%
描述
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to by-pass the protection offered by the module. This vulnerability is mitigated by the fact that an attacker must already have a user account to log in. This bug therefore allows users to log in even if their login is disabled.
如何修補 CVE-2024-13309
要修補 CVE-2024-13309,請將受影響套件升級到下列已修補版本。
- Packagist/drupal/login_disable—升級至 2.1.1 或更新版本
CVE-2024-13309 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 2.0.0, < 2.1.1