Auth bypass in Drupal Login Disable

CVE-2024-13309

Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1.

Vulnerability class: Broken Authentication

EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.

Affected products

Drupal Login Disable — versions 2.0.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

www.drupal.org/sa-contrib-2024-073