CVE-2024-55634
Published 2024-12-10
CVE-2024-55634: A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0…
Priority P3 49 | high 8.1 | CVSS 3.1
AV:N AC:L PR:L UI:N S:U C:H I:H A:N
EPSS: 0.40% (31.9th percentile)
A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 10.3.0 < 10.3.9 | 10.3.9 |
| drupal | core | >= 11.0.0 < 11.0.8 | 11.0.8 |
| drupal | core | >= 8.0.0 < 10.2.11 | 10.2.11 |
| drupal | core-recommended | >= 10.3.0 < 10.3.9 | 10.3.9 |
| drupal | core-recommended | >= 11.0.0 < 11.0.8 | 11.0.8 |
| drupal | core-recommended | >= 8.0.0 < 10.2.11 | 10.2.11 |
| drupal | drupal | >= 10.3.0 < 10.3.9 | 10.3.9 |
| drupal | drupal | >= 10.3.0 < 10.3.9 | 10.3.9 |
| drupal | drupal | >= 11.0.0 < 11.0.8 | 11.0.8 |
| drupal | drupal | >= 11.0.0 < 11.0.8 | 11.0.8 |
| drupal | drupal | >= 8.0.0 < 10.2.11 | 10.2.11 |
| drupal | drupal | >= 8.0.0 < 10.2.11 | 10.2.11 |
| drupal | drupal_core | — | — |
| drupal | drupal_core | >= 10.3.0 < 10.3.9 | 10.3.9 |
| drupal | drupal_core | >= 11.0.0 < 11.0.8 | 11.0.8 |
| drupal | drupal_core | >= 8.0.0 < 10.2.11 | 10.2.11 |
CVSS provenance
nvd | v3.1 | 8.1 HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
osv | 8.1 HIGH
OSV
Drupal core Access bypass
osv·2024-12-10
CVE-2024-55634 [MEDIUM] Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
GHSA
Drupal core Access bypass
ghsa·2024-12-10
CVE-2024-55634 [MEDIUM] CWE-178 Drupal core Access bypass
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
OSV
CVE-2024-55634: A vulnerability in Drupal Core allows Privilege Escalation
osv·2024-12-10·CVSS 8.1
CVE-2024-55634 [HIGH] CVE-2024-55634: A vulnerability in Drupal Core allows Privilege Escalation
A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
OSV
CVE-2024-55634: Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation
osv·2024-11-20
CVE-2024-55634 CVE-2024-55634: Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.
As a result, a user may be able to register with the same email address as another user.
This may lead to data integrity issues.
Drupal
Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
vendor_drupal·2024-11-20
CVE-2024-55634 [MEDIUM] Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Title: Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Vulnerability Type: Access bypass
Description: Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues.
Solution: Install the latest version: If you are using Drupal 10.2, update to Drupal 10.2.11. If you are using Drupal 10.3, update to Drupal 10.3.9. If you are using Drupal 11.0, update to Drupal 11.0.8. Drupal 7 is not affected. All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.) Updating Drupal will not solve potential iss
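An audit for accounts that already share an email address apart from letter case, the kind of collision CWE-178 covers. This is an added example, not Drupal code or part of the advisory. It assumes a user table named `users_field_data` with `uid` and `mail` columns, uses an in-memory SQLite database as a stand-in for the site database, and runs on constructed sample rows.

```python
import sqlite3
import unicodedata
from collections import defaultdict

# Constructed sample rows (uid, name, mail); not taken from any real site.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "mallory", "Alice@Example.com"),
    (4, "carol", "carol@example.org"),
    (5, "dave", "BOB@example.com"),
]


def build_db(rows=SAMPLE_USERS):
    """In-memory stand-in for the user table; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    # SQLite TEXT columns default to BINARY collation, so '=' is case-sensitive here.
    conn.execute(
        "CREATE TABLE users_field_data (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT)"
    )
    conn.executemany("INSERT INTO users_field_data VALUES (?, ?, ?)", rows)
    return conn


def mail_in_use(conn, mail):
    """Uniqueness check that leaves the comparison to the column's collation."""
    row = conn.execute(
        "SELECT 1 FROM users_field_data WHERE mail = ?", (mail,)
    ).fetchone()
    return row is not None


def normalize(mail):
    """Engine-independent comparison key: trim, NFKC-normalize, then case-fold."""
    return unicodedata.normalize("NFKC", mail.strip()).casefold()


def find_colliding_accounts(conn):
    """Return {normalized mail: [uids]} for each address held by more than one account."""
    groups = defaultdict(list)
    query = "SELECT uid, mail FROM users_field_data ORDER BY uid"
    for uid, mail in conn.execute(query):
        if mail:  # skip accounts without an address
            groups[normalize(mail)].append(uid)
    return {key: uids for key, uids in groups.items() if len(uids) > 1}


if __name__ == "__main__":
    db = build_db()
    print("collation-level check for ALICE@EXAMPLE.COM:", mail_in_use(db, "ALICE@EXAMPLE.COM"))
    print("colliding accounts:", find_colliding_accounts(db))
```

Grouping on a key computed in the application gives the same answer on every database engine, which a `WHERE mail = ?` lookup does not.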
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-10
Published