As an academic group, we wanted to improve the look and feel of our website on a tight budget. The team at Project Ricochet was consistently responsive to our concerns and willing to help us meet our goals. They were transparent with their costs, which allowed us to pick and choose which features and changes we deemed most important. Thanks to this transparency, our new website is a substantial improvement over the old that we were able to achieve in a cost-effective fashion.
—Justin Inman, UCSF

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062

Wed, 2022-11-30 07:34 — Anonymous (not verified)

Project: Open SocialDate: 2022-November-30Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: >=11.4.0 <11.4.9 || >=11.5.0 <11.5.1Description: Social Private Message module allows users on the platform to allow users to send private messages to each other.
The module does not properly perform the correct access checks for certain operations.Solution: Install the latest version:

If you use the Open Social distribution for Drupal 9.x, upgrade to Open Social 11.5.1
If you use the Open Social distribution for Drupal 9.x, upgrade to Open Social 11.4.9

Reported By:

zanvidmar

Fixed By:

Coordinated By:

Damien McKenna of the Drupal Security Team
Greg Knaddison of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2022-062

Search form

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062