PT-2025-2089 · Drupal · Content Entity Clone
Greg Knaddison
+3
·
Published
2024-09-04
·
Updated
2025-08-27
·
CVE-2024-13271
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Content Entity Clone versions 0.0.0 through 1.0.4
Description
The issue is related to incorrect authorization in the Content Entity Clone module for Drupal, allowing forceful browsing. This can enable a remote attacker to disclose protected information.
Recommendations
For versions 0.0.0 through 1.0.4, update to a version newer than 1.0.4 to resolve the issue.
As a temporary workaround, consider restricting access to the Content Entity Clone module until a patch is available.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Content Entity Clone