Cyber Resilience

CVE-2024-13272

Medium

Published: 09 January 2025

Published
09 January 2025
Modified
27 August 2025
KEV Added
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0012 31.1th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13272 is a medium-severity Insufficient Granularity of Access Control (CWE-1220) vulnerability in Paragraphs Table Project Paragraphs Table. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an access bypass and information disclosure in a public-facing Drupal web application module, enabling exploitation of public-facing applications for unauthorized content modification and data access.

Affected Assets

paragraphs table project
paragraphs table
≤ 1.23.0 · 2.0.0 — 2.0.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1220

Use of granular security and privacy attributes enables finer access control than coarse permission models alone.

addresses: CWE-1220

Documenting interface characteristics enables more granular control over internal access.

addresses: CWE-1220

Requires the architecture to describe granularity and placement of controls, preventing insufficiently fine-grained access decisions.

addresses: CWE-1220

Provides the necessary granularity by placing system management functions outside the reach of user-level access controls.

addresses: CWE-1220

Isolation supplies an explicit, enforceable granularity boundary between security and non-security functions that coarser access-control schemes lack.

References