Cyber Posture

CVE-2024-13280

Critical

Published: 09 January 2025

Modified: 02 September 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (38.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries can use stolen session cookies to authenticate to web applications and services.

Security Summary

CVE-2024-13280 is an Insufficient Session Expiration vulnerability (CWE-613) in the Drupal Persistent Login module that allows Forceful Browsing. The issue affects Persistent Login versions from 0.0.0 before 1.8.0 and from 2.0.* before 2.2.2. Published on 2025-01-09, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Remote attackers need no privileges, authentication, or user interaction to exploit this over the network, and the attack complexity is low. Successful exploitation has high impact on confidentiality, integrity, and availability: persistent-login sessions that are not expired properly can be reused for unauthorized access, enabling session hijacking or forceful browsing into sensitive areas.

The Drupal security advisory SA-CONTRIB-2024-044 at https://www.drupal.org/sa-contrib-2024-044 provides mitigation details, namely upgrading to the fixed releases, Persistent Login 1.8.0 or 2.2.2.

Details

CWE(s): CWE-613 (Insufficient Session Expiration)

Affected Products

Vendor: persistent login project
Product: persistent login
Versions: ≤ 1.8.0; 2.0.0 to 2.1.1; 2.2.0 to 2.2.2

MITRE ATT&CK Enterprise Techniques

T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1550.004 Web Session Cookie (Lateral Movement): Adversaries can use stolen session cookies to authenticate to web applications and services.

Why these techniques?

The vulnerability enables continued access using stolen persistent login cookies (web session cookies) even after a user account is disabled, facilitating Valid Accounts (T1078) and Use Alternate Authentication Material: Web Session Cookie (T1550.004).
