Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-13255

Exposure of Sensitive Information Through Data Queries

Published: Jan 09, 2025 | Modified: Jun 04, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-13255
CWEhttps://cwe.mitre.org/data/definitions/202.html

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

Weakness

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Affected Software

Name Vendor Start Version End Version
Restful_web_services Restful_web_services_project 7.x-2.0 (including) 7.x-2.10 (excluding)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use