Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061

Project: Open Social
Date: 2022-November-30
Security risk: Moderately critical 13∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: >=11.4.0 <11.4.9 || >=11.5.0 <11.5.1
Description: Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations.
In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only (secret)" visibility, community groups are visible to anonymous users on the /all-groups page. No other group information is revealed since group access is not affected by this issue.
This vulnerability is mitigated by creating a Flexible Group with visibility "Group members only (secret)".

Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-061