Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005

Project: Open SocialDate: 2024-January-24Security risk: Moderately critical 13∕25 AC:None/A:User/CI:Some/II:None/E:Proof/TD:DefaultVulnerability: Information DisclosureAffected versions: <12.0.5Description: Open Social is a Drupal distribution for online communities.
The included optional social_group_flexible_group module doesn't sufficiently validate group updates. The lack of validation makes it possible to have content inside the group changing it's visibility, which could lead to that content being shown to a broader audience than intended.
This vulnerability is mitigated by the fact the module social_group_flexible_group needs to be enabled.Solution: Install the latest version of Open Social:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article