{"id":"CVE-2024-13276","summary":"File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040","details":"Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.","modified":"2026-07-15T01:49:17.111463210Z","published":"2025-01-09T19:28:40.601Z","database_specific":{"cwe_ids":["CWE-201"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13276.json","cna_assigner":"drupal"},"references":[{"type":"WEB","url":"https://git.drupalcode.org/project/file_entity"},{"type":"WEB","url":"https://www.drupal.org/project/file_entity"},{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2024-040"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13276.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13276"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.drupalcode.org/project/file_entity","events":[{"introduced":"0"},{"fixed":"572004a6e5aeb1ab4202bf7c8057721c8df1a530"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"7.x-*"},{"fixed":"7.x-2.39"}]}}],"versions":["previous/project-update-bot-only/2024-06-18","7.x-2.38","7.x-2.37","7.x-2.36","7.x-2.35","7.x-2.34","7.x-2.33","7.x-2.32","7.x-2.30","7.x-2.29","7.x-2.28","7.x-2.27","7.x-2.26","7.x-2.25","7.x-2.24","7.x-2.23","7.x-2.22","7.x-2.21","7.x-2.20","7.x-2.19","7.x-2.18","7.x-2.17","7.x-2.16","7.x-2.15","7.x-2.14","7.x-2.12","7.x-2.11","7.x-2.10","7.x-2.9","7.x-2.8","7.x-2.7","7.x-2.6","7.x-2.5","7.x-2.4","7.x-2.3","7.x-2.2","7.x-2.1","7.x-2.0","7.x-2.0-beta4","7.x-2.0-beta3","7.x-2.0-beta2","7.x-2.0-beta1","7.x-2.0-alpha3","7.x-2.0-alpha2","7.x-2.0-alpha1","7.x-2.0-unstable7","7.x-2.0-unstable6","7.x-2.0-unstable5","7.x-2.0-unstable4","7.x-2.0-unstable3","7.x-2.0-unstable2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13276.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}