Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2024-November-06
Vulnerability:
Access bypass
CVE IDs:
CVE-2024-13291
Description:
The module provides a possibility to restrict access to specific paths using
basic HTTP authentication, in addition to standard Drupal access checks.
In some cases, the module removes existing access checks from some paths, resulting in an access bypass vulnerability.
Solution:
Install the latest version:
- If you use the Basic HTTP Authentication module for Drupal 7.x, upgrade to Basic Authentication 7.x-1.4
Reported By:
Fixed By:
- Roderik Muit
- Ivo Van Geertruyen of the Drupal Security Team
Coordinated By:
- Ivo Van Geertruyen of the Drupal Security Team
