Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007

Project: Entity Delete LogDate: 2024-January-31Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: <1.1.1Description: The Entity Delete Log module tracks the deletion of configured entity types, such as node or comments.
It does not add sufficient permission to the log report page, allowing an attacker to view information from deleted entities.Solution: Install the latest version:

Note: This release updates the default permissions for the entity_delete_log view. After the update, you may want to review that permission if you already changed it from the default.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-007