Vulnerability from drupal
Published
2024-03-06 17:06
Modified
2025-02-20 19:08
Summary
Details

The Registration role module lets an administrator select a role (or multiple roles) to automatically assign to new users. The selected role (or roles) will be assigned to new registrants.

The module has a logic error when handling sites that upgraded code and did not run the Drupal update process (e.g. update.php).

This vulnerability is mitigated by the fact that the problem does not exist on sites that followed the process of updating code and running the standard updates.

Credits
Pamela Barone www.drupal.org/user/1431110
Renaud Joubert www.drupal.org/user/549974
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c2.0.1"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/registration_role"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c2.0.1"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [
    "CVE-2024-13251"
  ],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/1431110"
      ],
      "name": "Pamela Barone"
    },
    {
      "contact": [
        "https://www.drupal.org/user/549974"
      ],
      "name": "Renaud Joubert"
    }
  ],
  "details": "The Registration role module lets an administrator select a role (or multiple roles) to automatically assign to new users. The selected role (or roles) will be assigned to new registrants.\n\nThe module has a logic error when handling sites that upgraded code and did not run the Drupal update process (e.g. update.php).\n\nThis vulnerability is mitigated by the fact that the problem does not exist on sites that followed the process of updating code and running the standard updates.",
  "id": "DRUPAL-CONTRIB-2024-015",
  "modified": "2025-02-20T19:08:51.000Z",
  "published": "2024-03-06T17:06:37.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-015"
    }
  ],
  "schema_version": "1.7.0"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.