Nikolay Lobachev

**Name of the Vulnerable Software and Affected Versions** Drupal Group invite versions 0.0.0 through 2.3.8 Drupal Group invite versions 3.0.0 through 3.0.3 Drupal Group invite versions 4.0.0 through 4.0.3 **Description** An improper check for unusual or exceptional conditions exists in the Group invite module, potentially allowing forceful browsing. The issue arises from insufficient access checks under specific circumstances, which could allow unauthorized users to access group content. This is mitigated by the fact that the vulnerability only occurs when uncommon actions are taken by a user with permission to create group invites. **Recommendations** Update Drupal Group invite to version 2.3.9 or later. Update Drupal Group invite to version 3.0.4 or later. Update Drupal Group invite to version 4.0.4 or later.