CVE-2024-13284

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in the Drupal Gutenberg module lets an attacker who lures a logged-in user to a malicious page make that user's browser send state-changing requests to the Drupal site. It affects every Drupal site running one of the affected Gutenberg releases listed below. The forged requests run with the victim's own permissions, so depending on the victim's role an attacker could modify content, change settings, or perform other administrative actions without the user's knowledge.

💻 Affected Systems

Products:
  • Drupal Gutenberg module
Versions: every release before 2.13.0 (all 2.x and earlier); 3.0.0 through 3.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Drupal sites with the Gutenberg module installed and enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

If the victim holds an administrative role, the forged requests run with that role: an attacker could modify all site content, change site configuration, enable or install modules, and thereby compromise the entire Drupal installation.

🟠

Likely Case

Attackers modify content, change configuration settings, or perform other unauthorized actions through the victim's authenticated session, limited to what that account is allowed to do.

🟢

If Mitigated

Once the module is updated (or its state-changing routes require a valid CSRF token), forged cross-site requests are rejected. CSRF never grants more than the victim's own permissions, so any residual exposure is bounded by what the targeted accounts are allowed to do.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The attacker needs no account on the site, but must get a user who is logged in (and whose permissions are worth abusing) to visit a page the attacker controls, whose form or script submits the forged request to the Gutenberg endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.13.0 or 3.0.5

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-048

Restart Required: No

Instructions:

1. Update the Gutenberg module to version 2.13.0 (2.x branch) or 3.0.5 (3.x branch) via Drupal's update manager or Composer.
2. Clear Drupal caches.
3. Verify that the installed version is the fixed release.

🔧 Temporary Workarounds

CSRF Token Validation

Applies to: all affected versions

Until the update can be applied, require a valid CSRF token on the module's state-changing routes, for example by having a route subscriber add Drupal core's `_csrf_request_header_token` requirement to those routes so that POST requests without a valid X-CSRF-Token header are refused. Test this against the editor itself: its own requests must then carry the token, or the editor will break.

🧯 If You Can't Patch

  • Disable the Gutenberg module if not essential
  • Add web application firewall rules that reject POST requests to the module's endpoints whose Origin header (or, if absent, Referer header) is not the site's own origin; browsers send Origin on cross-site form and fetch POSTs, so this blocks the forged requests while leaving the editor's same-origin traffic alone

🔍 How to Verify

Check if Vulnerable:

Check Gutenberg module version in Drupal's Extend page or via drush: drush pm-list | grep gutenberg

Check Version:

drush pm-list --fields=name,version | grep gutenberg

Verify Fix Applied:

Confirm the Gutenberg module version is 2.13.0 or later on the 2.x branch, or 3.0.5 or later on the 3.x branch. A "-dev" or "x-dev" version string does not identify a concrete release; check the installed commit against the fixed release by hand.
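The version check above, scripted. This is an added example for this page, not code from the Gutenberg project or the advisory: it applies the affected ranges stated above (every release before 2.13.0, and 3.0.0 through 3.0.4) to a version string, and extracts that string from the table printed by `drush pm:list --fields=name,version`. The handling of the legacy "8.x-2.12" naming and of "-dev" suffixes is an assumption, and the drush output used as input is constructed rather than captured from a real site.

```python
"""Decide whether an installed Gutenberg version falls in the affected ranges.

Added example for this page, not code from the Gutenberg project or the
advisory. Assumptions: Drupal's legacy "8.x-" prefix and "-dev"/"-alpha"
suffixes are normalised as shown; the drush output below is constructed.
"""
import re

# First fixed release per branch, as stated in the Fix section above.
FIRST_FIXED = {2: (2, 13, 0), 3: (3, 0, 5)}


def parse_version(raw):
    """Normalise "8.x-2.12", "2.12.0" or "3.0.4-dev" to (major, minor, patch).

    Returns None for strings that do not name a concrete release (for
    example "3.0.x-dev"); treat those as needing a manual check.
    """
    v = raw.strip()
    v = re.sub(r"^\d+\.x-", "", v)             # drop the Drupal core prefix ("8.x-")
    v = re.split(r"[-+]", v, maxsplit=1)[0]    # drop "-dev", "-alpha1", "+build"
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    if m is None:
        return None
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def is_vulnerable(raw):
    """True if affected, False if fixed or outside the affected branches, None if unknown."""
    v = parse_version(raw)
    if v is None:
        return None
    if v[0] <= 2:                    # "every release before 2.13.0" covers 1.x and 2.x
        return v < FIRST_FIXED[2]
    if v[0] == 3:
        return v < FIRST_FIXED[3]
    return False                     # later major versions are not in the affected range


# A version token as drush prints it: optional "8.x-" prefix, 2 or 3 numbers, optional suffix.
VERSION_TOKEN = re.compile(r"(?:\d+\.x-)?\d+\.\d+(?:\.\d+)?(?:[-+][A-Za-z0-9.]+)?")


def find_gutenberg_version(drush_output):
    """Return the version token on the first line mentioning gutenberg, else None."""
    for line in drush_output.splitlines():
        if "gutenberg" in line.lower():
            m = VERSION_TOKEN.search(line)
            if m:
                return m.group(0)
    return None


# Constructed sample of `drush pm:list --fields=name,version` output (not a real capture).
SAMPLE_DRUSH_OUTPUT = """\
 Name                     Version
 Gutenberg (gutenberg)    2.12.0
 Token (token)            8.x-1.15
"""

if __name__ == "__main__":
    ver = find_gutenberg_version(SAMPLE_DRUSH_OUTPUT)
    print(f"gutenberg {ver}: vulnerable={is_vulnerable(ver)}")
```

Pipe the real command into it (`drush pm:list --fields=name,version | python3 check.py`) by reading `sys.stdin` in place of the sample; a `None` result means the version string could not be resolved and the site needs a manual look.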

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed CSRF token validations
  • Unusual POST requests to /gutenberg/* endpoints

Network Indicators:

  • Requests to Gutenberg endpoints whose Origin or Referer header names a host other than the site's own
  • State-changing (POST) requests to those endpoints that carry no Origin or Referer at all

SIEM Query:

source="drupal" AND (uri_path="/gutenberg/*" AND http_method="POST") AND NOT csrf_token_valid="true"
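The same detection logic run over web-server access logs, as an added example for this page (not code from the Gutenberg project or the advisory). It encodes the indicators above: a POST to a `/gutenberg/*` path whose Origin header (or, failing that, Referer header) names a host other than the site's own. The site hostnames in `SITE_HOSTS`, the log format (combined format with the Origin header appended as an extra quoted field) and the endpoint path are assumptions, and the log lines are constructed.

```python
"""Flag cross-site POSTs to Gutenberg endpoints in web-server access logs.

Added example for this page, not code from the Gutenberg project. Assumptions:
SITE_HOSTS holds this site's own hostnames; the log format is "combined" plus
one extra quoted field holding the Origin request header; the path under
/gutenberg/ is a placeholder. The sample log lines are constructed.
"""
import re
from urllib.parse import urlsplit

SITE_HOSTS = {"www.example.org", "example.org"}   # assumption: this site's own hostnames
GUTENBERG_PREFIX = "/gutenberg/"

# Combined log format plus one extra quoted field holding the Origin header (assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<origin>[^"]*)"$'
)


def _host(url):
    """Hostname of a header value, or None for an empty, '-' or 'null' field."""
    if not url or url in ("-", "null"):
        return None
    return urlsplit(url).hostname


def classify(line):
    """Return None for lines that are not suspicious, else a dict describing the hit."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    if m["method"] != "POST" or not m["path"].startswith(GUTENBERG_PREFIX):
        return None
    # Browsers always send Origin on cross-site POSTs, so it is the stronger signal;
    # fall back to Referer for clients that omit it.
    source = _host(m["origin"]) or _host(m["referer"])
    if source is None:
        severity, reason = "low", "no Origin or Referer on a state-changing request"
    elif source not in SITE_HOSTS:
        severity, reason = "high", f"cross-site POST from {source}"
    else:
        return None
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
            "severity": severity, "reason": reason}


def scan(lines):
    """All suspicious hits, in log order."""
    return [hit for hit in map(classify, lines) if hit is not None]


# Constructed sample lines; "/gutenberg/endpoint" stands in for a real module route.
SAMPLE_LOG = [
    # Same-origin editor traffic: benign.
    '198.51.100.4 - - [12/Nov/2024:10:14:55 +0000] "POST /gutenberg/endpoint HTTP/1.1" 200 312 '
    '"https://www.example.org/node/12/edit" "Mozilla/5.0" "https://www.example.org"',
    # Victim's browser submitting a form planted on an attacker-controlled page: CSRF pattern.
    '198.51.100.4 - - [12/Nov/2024:10:15:02 +0000] "POST /gutenberg/endpoint HTTP/1.1" 200 312 '
    '"https://evil.example.net/prize.html" "Mozilla/5.0" "https://evil.example.net"',
    # GET requests do not change state: ignored.
    '203.0.113.7 - - [12/Nov/2024:10:15:10 +0000] "GET /gutenberg/endpoint HTTP/1.1" 200 88 '
    '"https://evil.example.net/" "Mozilla/5.0" "-"',
    # Cross-site POST elsewhere on the site: outside this rule's scope.
    '203.0.113.7 - - [12/Nov/2024:10:15:20 +0000] "POST /user/login HTTP/1.1" 303 0 '
    '"https://evil.example.net/" "Mozilla/5.0" "https://evil.example.net"',
    # Scripted client with no Origin or Referer at all: worth a look, lower confidence.
    '203.0.113.9 - - [12/Nov/2024:10:16:00 +0000] "POST /gutenberg/endpoint HTTP/1.1" 403 0 '
    '"-" "curl/8.4.0" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Treat the "high" hits as the CSRF signal and the "low" hits as triage material: after patching, the same cross-site POSTs should show up with a 403 status, which is itself confirmation that the fix is rejecting them.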

🔗 References
