CVE-2024-13280

The CVE concerns the Drupal Persistent Login module and an insufficient session expiration vulnerability that allows forceful browsing (access bypass). Affected versions are 0.0.0–before 1.8.0 and 2.0.* before 2.2.2. The root cause, as described in linked advisories, is improper session/cookie ha...