DRUPAL-CONTRIB-2024-007

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_delete_log/DRUPAL-CONTRIB-2024-007.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-007
Aliases
  • CVE-2024-13243
Published
2024-01-31T17:22:36Z
Modified
2025-12-10T23:41:24.103436Z
Summary
[none]
Details

The Entity Delete Log module tracks the deletion of configured entity types, such as node or comments.

It does not add sufficient permission to the log report page, allowing an attacker to view information from deleted entities.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/entity_delete_log

Package

Name
drupal/entity_delete_log
Purl
pkg:composer/drupal/entity_delete_log

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1
Database specific 
{
    "constraint": "<1.1.1"
}

Database specific

source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_delete_log/DRUPAL-CONTRIB-2024-007.json"
affected_versions 
"<1.1.1"