Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
drupalDrupal Security TeamDRUPAL-SA-CONTRIB-2024-022
HistoryMay 29, 2024 - 12:00 a.m.

Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

2024-05-2900:00:00
Drupal Security Team
www.drupal.org
10
drupal
rest
json
authentication
api
access bypass
sa-contrib-2024-022
security
oauth

7.3 High

AI Score

Confidence

Low

JSON

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider Authentication, etc. The module doesn’t sufficiently control user access when using Basic Authentication.

Affected configurations

Vulners
Node
drupalnetforum_authenticationRange<2.0.13

7.3 High

AI Score

Confidence

Low

JSON