Cyber Posture

CVE-2024-13242

Critical

Published: 09 January 2025

Modified: 04 June 2025
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0039 (60.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*.

Security Summary

CVE-2024-13242 is an Exposed Dangerous Method or Function vulnerability in the Swift Mailer module for Drupal, enabling Resource Location Spoofing. This issue affects all versions of Swift Mailer (*.*). The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality and integrity.

Unauthenticated attackers on the network can exploit this vulnerability remotely with low complexity and no privileges or user interaction required. Successful exploitation allows attackers to spoof resource locations, potentially leading to high confidentiality and integrity impacts, such as unauthorized access to sensitive data or manipulation of resources, while availability remains unaffected.

The Drupal security advisory SA-CONTRIB-2024-006 at https://www.drupal.org/sa-contrib-2024-006 provides details on this vulnerability and mitigation recommendations.

Details

CWE(s)
CWE-749, NVD-CWE-Other

Affected Products

Vendor: swift mailer project
Product: swift mailer
Versions: all versions
