CVE-2024-13249 – This vulnerability in Drupal's Node Access Rebu... (How to Fix)

Q: What is the severity of CVE-2024-13249?

CVE-2024-13249 has a CVSS score of 5.4 (MEDIUM). This vulnerability in Drupal's Node Access Rebuild Progressive module allows attackers to influence target selection through framing techniques, potentially manipulating access control rebuilding processes. It affects Drupal 7 sites using the Node Access Rebuild Progressive module versions 7.x-1.0 through 7.x-1.1.

📋 TL;DR

This vulnerability in Drupal's Node Access Rebuild Progressive module allows attackers to influence target selection through framing techniques, potentially manipulating access control rebuilding processes. It affects Drupal 7 sites using the Node Access Rebuild Progressive module versions 7.x-1.0 through 7.x-1.1.

💻 Affected Systems

Products:

Drupal Node Access Rebuild Progressive module

Versions: 7.x-1.0 through 7.x-1.1

Operating Systems: Any OS running Drupal 7

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Drupal 7 installations with the Node Access Rebuild Progressive module enabled.

📦 What is this software?

Node Access Rebuild Progressive by Node Access Rebuild Progressive Project

View all CVEs affecting Node Access Rebuild Progressive →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could manipulate node access control lists, potentially granting unauthorized access to restricted content or disrupting access control functionality across the site.

🟠

Likely Case

Limited manipulation of access control rebuilding processes, potentially causing temporary access control inconsistencies or minor privilege escalation.

🟢

If Mitigated

Minimal impact with proper module configuration and access controls, though the vulnerability still exists in the codebase.

🌐 Internet-Facing: MEDIUM - The vulnerability requires specific conditions and user interaction, but affects publicly accessible Drupal sites.

🏢 Internal Only: LOW - Internal systems are less likely to be targeted, but the vulnerability still exists if the module is installed.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires specific framing techniques and likely some level of access to influence the target selection process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.x-1.2

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-013

Restart Required: No

Instructions:

1. Update the Node Access Rebuild Progressive module to version 7.x-1.2 or later. 2. Clear Drupal caches. 3. Verify the update was successful.

🔧 Temporary Workarounds

Disable vulnerable module

linux

Temporarily disable the Node Access Rebuild Progressive module until patched

drush pm-disable node_access_rebuild_progressive

🧯 If You Can't Patch

Restrict access to administrative interfaces that use the Node Access Rebuild Progressive module
Implement additional access controls and monitoring for node access changes

🔍 How to Verify

Check if Vulnerable:

Check if Node Access Rebuild Progressive module is installed and version is between 7.x-1.0 and 7.x-1.1

Check Version:

drush pmi node_access_rebuild_progressive | grep Version

Verify Fix Applied:

Verify module version is 7.x-1.2 or later and test node access rebuilding functionality

📡 Detection & Monitoring

Log Indicators:

Unusual node access rebuild activities
Multiple access control changes from single sessions

Network Indicators:

Unusual framing requests to administrative interfaces

SIEM Query:

source="drupal" AND ("node_access_rebuild" OR "access control") AND status="warning" OR status="error"

📊 Metadata

CVE ID: CVE-2024-13249

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-282

EPSS Score: 0.09% exploit probability (26.2th percentile)

Published: January 9, 2025

Last Updated: June 4, 2025

🔗 References

https://www.drupal.org/sa-contrib-2024-013 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13249, you might also want to check these: