DNA View

CVE-2024-11942

Medium

Low Medium High Critical

5.9

CVSS Score

Published: Dec 05, 2024

Last Modified: Jun 02, 2025

CWE: CWE-390

Vulnerability Description

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

22 configuration(s) from 1 vendor(s)

drupal

Version:

10.0.0

CPE:

cpe:2.3:a:drupal:drupal:10.0.0:rc1:*:*:*:*:*:*

drupal

Version:

10.0.3

CPE:

cpe:2.3:a:drupal:drupal:10.0.3:*:*:*:*:*:*:*

drupal

Version:

10.1.8

CPE:

cpe:2.3:a:drupal:drupal:10.1.8:*:*:*:*:*:*:*

drupal

Version:

10.0.8

CPE:

cpe:2.3:a:drupal:drupal:10.0.8:*:*:*:*:*:*:*

drupal

Version:

10.0.2

CPE:

cpe:2.3:a:drupal:drupal:10.0.2:*:*:*:*:*:*:*

drupal

Version:

10.1.0

CPE:

cpe:2.3:a:drupal:drupal:10.1.0:alpha1:*:*:*:*:*:*

drupal

Version:

10.0.6

CPE:

cpe:2.3:a:drupal:drupal:10.0.6:*:*:*:*:*:*:*

drupal

Version:

10.2.0

CPE:

cpe:2.3:a:drupal:drupal:10.2.0:-:*:*:*:*:*:*

drupal

Version:

10.0.7

CPE:

cpe:2.3:a:drupal:drupal:10.0.7:*:*:*:*:*:*:*

drupal

Version:

10.0.9

CPE:

cpe:2.3:a:drupal:drupal:10.0.9:*:*:*:*:*:*:*

drupal

Version:

10.1.4

CPE:

cpe:2.3:a:drupal:drupal:10.1.4:*:*:*:*:*:*:*

drupal

Version:

10.1.3

CPE:

cpe:2.3:a:drupal:drupal:10.1.3:*:*:*:*:*:*:*

drupal

Version:

10.0.1

CPE:

cpe:2.3:a:drupal:drupal:10.0.1:*:*:*:*:*:*:*

drupal

Version:

10.1.2

CPE:

cpe:2.3:a:drupal:drupal:10.1.2:*:*:*:*:*:*:*

drupal

Version:

10.0

CPE:

cpe:2.3:a:drupal:drupal:10.0:-:*:*:*:*:*:*

drupal

Version:

10.1.5

CPE:

cpe:2.3:a:drupal:drupal:10.1.5:*:*:*:*:*:*:*

drupal

Version:

10.0.11

CPE:

cpe:2.3:a:drupal:drupal:10.0.11:*:*:*:*:*:*:*

drupal

Version:

10.0.10

CPE:

cpe:2.3:a:drupal:drupal:10.0.10:*:*:*:*:*:*:*

drupal

Version:

10.0.5

CPE:

cpe:2.3:a:drupal:drupal:10.0.5:*:*:*:*:*:*:*

drupal

Version:

10.1.1

CPE:

cpe:2.3:a:drupal:drupal:10.1.1:*:*:*:*:*:*:*

drupal

Version:

10.0.4

CPE:

cpe:2.3:a:drupal:drupal:10.0.4:*:*:*:*:*:*:*

drupal

Version:

10.2.2

CPE:

cpe:2.3:a:drupal:drupal:10.2.2:*:*:*:*:*:*:*

This vulnerability affects 22 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://www.drupal.org/sa-core-2024-002
mlhess@drupal.org Vendor Advisory

Severity Details

5.9

out of 10.0

Medium

Weakness Type (CWE)

CWE-390

Detection of Error Condition Without Action

Description: The product detects a specific error, but takes no actions to handle the error.
Exploit Likelihood: Medium
Typical Severity: Medium
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: December 05, 2024

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

CVE-2024-11942

Vulnerability Description

CVSS Metrics

Known Affected Software

drupal

References & Resources

Severity Details

Weakness Type (CWE)

Key Information

External Resources