Drupal · Drupal Entity Delete Log · CVE-2024-13243
**Name of the Vulnerable Software and Affected Versions**
Drupal Entity Delete Log versions 0.0.0 through 1.1.1
**Description**
The issue is related to a lack of authorization in the Drupal Entity Delete Log, which allows for forceful browsing. This can enable a remote attacker to bypass security restrictions and perform a forceful browsing attack.
**Recommendations**
For versions 0.0.0 through 1.1.1, update to a version that includes the fix for this issue to prevent forceful browsing attacks.
As a temporary workaround, consider restricting access to the Entity Delete Log module until a patch is available.