Date: 
2024-October-30
Vulnerability: 
Access bypass
Affected versions: 
<2.0.4
CVE IDs: 
CVE-2024-13290
Description: 

Integrates your Drupal website with the Oh Dear monitoring app.

Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module.

This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthcheck endpoint. It is not enabled by default and there's no UI option to do it. It has to be done directly in the ohdear_integration.settings.yml.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: