CVE-2024-55634

8.1 HIGH

📋 TL;DR

This vulnerability in Drupal Core allows attackers to escalate privileges, potentially gaining administrative access to Drupal sites. It affects Drupal installations running vulnerable versions from 8.0.0 through 11.0.7. All Drupal sites using affected versions are at risk.

💻 Affected Systems

Products:
  • Drupal Core
Versions: 8.0.0 to 10.2.10, 10.3.0 to 10.3.8, 11.0.0 to 11.0.7
Operating Systems: All operating systems running Drupal
Default Config Vulnerable: ⚠️ Yes
Notes: All Drupal installations using affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control over the Drupal site, allowing them to modify content, install malicious modules, access sensitive data, or compromise the underlying server.

🟠 Likely Case

Attackers with existing low-privilege accounts escalate to administrative privileges, enabling content manipulation, user management, and potential further system compromise.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized privilege changes that can be detected and reversed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some level of access to the Drupal site, but detailed technical information is not publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.2.11, 10.3.9, 11.0.8

Vendor Advisory: https://www.drupal.org/sa-core-2024-004

Restart Required: No

Instructions:

1. Back up your Drupal site and database.
2. Update Drupal Core to the patched version using Composer: 'composer update drupal/core-recommended --with-dependencies'
3. Run database updates: 'drush updatedb' or via the admin interface.
4. Clear caches: 'drush cr' or via the admin interface.

🔧 Temporary Workarounds

Temporary Access Restriction

all

Restrict user account creation and privilege changes until patching can be completed.

🧯 If You Can't Patch

  • Implement strict access controls and monitor user privilege changes closely.
  • Isolate the Drupal instance from other critical systems and implement network segmentation.

🔍 How to Verify

Check if Vulnerable:

Check the Drupal version via the admin interface at /admin/reports/status, or run 'drush status' to see the Drupal version.

Check Version:

drush status | grep 'Drupal version'

Verify Fix Applied:

Verify that the version is 10.2.11, 10.3.9, or 11.0.8 or higher, using the same methods.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected user role changes
  • Administrative actions from non-admin users
  • Failed permission escalation attempts

Network Indicators:

  • Unusual authentication patterns to admin interfaces

SIEM Query:

source="drupal" AND (event_type="user_role_change" OR event_type="permission_grant")
