PT-2024-10361 · Drupal · Drupal Entity Delete Log

Benji Fisher +5 · Published 2024-01-31 · Updated 2025-01-10 · CVE-2024-13243

CVSS v2.0

6.8 Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Drupal Entity Delete Log versions 0.0.0 through 1.1.1

Description

The Drupal Entity Delete Log module lacks an authorization check, which allows forceful browsing. A remote attacker can use this to bypass security restrictions.

Recommendations

For versions 0.0.0 through 1.1.1, update to a version that includes the fix for this issue to prevent forceful browsing attacks. As a temporary workaround, consider restricting access to the Entity Delete Log module until a patch is available.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-00865
CVE-2024-13243
DRUPAL-CONTRIB-2024-007

Affected Products

Drupal Entity Delete Log