CVE-2024-13243
📋 TL;DR
This CVE describes a Missing Authorization vulnerability in the Drupal Entity Delete Log module that allows attackers to perform forceful browsing to access unauthorized functionality. It affects all Drupal sites using Entity Delete Log module versions before 1.1.1. The vulnerability enables unauthorized users to bypass access controls.
💻 Affected Systems
- Drupal Entity Delete Log module
📦 What is this software?
Entity Delete Log is a contributed Drupal module (Entity Delete Log Project) that records entity deletions so they can be audited.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete or manipulate entity logs without authorization, potentially covering tracks of other malicious activities or disrupting audit trails.
Likely Case
Unauthorized users accessing entity deletion logs they shouldn't see, potentially exposing sensitive information about content deletions.
If Mitigated
With the module updated and access controls in place, only users who hold the required permission can reach the entity deletion log.
🎯 Exploit Status
Exploitation requires some Drupal knowledge but is straightforward once an attacker identifies the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.1
Vendor Advisory: https://www.drupal.org/sa-contrib-2024-007
Restart Required: No
Instructions:
1. Update the Entity Delete Log module to version 1.1.1 or later via Drupal's update manager or Composer.
2. Clear Drupal caches after the update.
3. Verify the module is functioning correctly.
🔧 Temporary Workarounds
Disable Entity Delete Log module
Temporarily disable the vulnerable module until patching is possible:
drush pm:disable entity_delete_log
Note: Drupal 8 and later have no "disabled" state for modules, so on those versions use drush pm:uninstall entity_delete_log instead; Drupal removes a module's tables and configuration on uninstall, so back up the database first.
Implement access control via Drupal permissions
Review which roles hold the permissions for entity deletion logging and restrict them to the users who need access.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the Drupal admin interface
- Enable detailed logging and monitoring for unauthorized access attempts to entity deletion endpoints
🔍 How to Verify
Check if Vulnerable:
Check whether the Entity Delete Log module is installed and whether its version is below 1.1.1, either on Drupal's Extend page (/admin/modules) or with 'drush pm:list | grep entity_delete_log'.
Check Version:
drush pm:list --fields=name,version | grep entity_delete_log
Verify Fix Applied:
Confirm the module version is 1.1.1 or higher, then test with an account that lacks the relevant permission that the entity deletion log pages return access denied.
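The version check above can be scripted. The following is an added example, not code from the advisory or the module project: it parses the table printed by drush pm:list --fields=name,version and reports whether the installed release is below the fixed 1.1.1. The sample drush output is constructed, and 8.x-1.0 is an assumed old release number.

```sh
#!/bin/sh
# Added example (not from the advisory): given `drush pm:list --fields=name,version`
# output, report whether the installed Entity Delete Log release is below 1.1.1.
FIXED_VERSION="1.1.1"

# Drop the core prefix Drupal contrib versions may carry: "8.x-1.0" -> "1.0".
strip_core_prefix() { printf '%s\n' "$1" | sed 's/^[0-9]*\.x-//'; }

# Exit 0 when version $1 sorts below $2, comparing numeric components left to
# right; a missing component counts as 0, so "1.1" equals "1.1.0".
version_lt() {
  a=$(strip_core_prefix "$1"); b=$(strip_core_prefix "$2")
  na="${a%%-*}."; nb="${b%%-*}."   # numeric part; trailing dot keeps cut(1) in field mode
  i=1
  while :; do
    x=$(printf '%s\n' "$na" | cut -d. -f"$i"); y=$(printf '%s\n' "$nb" | cut -d. -f"$i")
    if [ -z "$x" ] && [ -z "$y" ]; then
      # equal numbers: a pre-release ("-rc1", "-beta2") sorts below the plain release
      case "$a" in *-*) case "$b" in *-*) return 1 ;; *) return 0 ;; esac ;; esac
      return 1
    fi
    x=${x:-0}; y=${y:-0}
    case "$x$y" in *[!0-9]*) return 1 ;; esac   # e.g. a "1.x-dev" branch: not comparable, not flagged
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
    i=$((i + 1))
  done
}

# Read the drush table on stdin; print a verdict and exit 2 when vulnerable.
check_entity_delete_log() {
  ver=$(awk '$1 == "entity_delete_log" { print $2; exit }')
  if [ -z "$ver" ]; then
    echo "NOT INSTALLED: entity_delete_log"; return 0
  elif version_lt "$ver" "$FIXED_VERSION"; then
    echo "VULNERABLE: entity_delete_log $ver < $FIXED_VERSION"; return 2
  fi
  echo "PATCHED: entity_delete_log $ver >= $FIXED_VERSION"; return 0
}

# Constructed sample of drush table output (8.x-1.0 is an assumed old release);
# on a real site pipe:  drush pm:list --fields=name,version | check_entity_delete_log
SAMPLE_DRUSH_OUTPUT=' -------------------- ---------- 
  Name                 Version   
 -------------------- ---------- 
  entity_delete_log    8.x-1.0   
  token                8.x-1.12  
 -------------------- ---------- '
printf '%s\n' "$SAMPLE_DRUSH_OUTPUT" | check_entity_delete_log || echo "(exit status $?)"
```

The exit status 2 on a vulnerable release lets the check gate a deployment pipeline; the 1.x-dev case is deliberately left unflagged, so inspect such branches by hand.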
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to entity deletion log endpoints
- Multiple failed permission checks for entity_delete_log routes
Network Indicators:
- Unusual requests to /admin/reports/entity-delete-log or similar entity logging paths
SIEM Query:
source="drupal" AND (uri_path="*entity-delete-log*" OR module="entity_delete_log") AND (response_code=403 OR user_role!="administrator")