PT-2026-2978 · Drupal+2 · Group Invite+1
Greg Knaddison
+3
·
Publicado
2026-01-14
·
Atualizado
2026-02-04
·
CVE-2026-0944
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Group invite versions 0.0.0 through 2.3.8
Drupal Group invite versions 3.0.0 through 3.0.3
Drupal Group invite versions 4.0.0 through 4.0.3
Description
An improper check for unusual or exceptional conditions exists in the Group invite module, potentially allowing forceful browsing. The issue arises from insufficient access checks under specific circumstances, which could allow unauthorized users to access group content. This is mitigated by the fact that the vulnerability only occurs when uncommon actions are taken by a user with permission to create group invites.
Recommendations
Update Drupal Group invite to version 2.3.9 or later.
Update Drupal Group invite to version 3.0.4 or later.
Update Drupal Group invite to version 4.0.4 or later.
Correção
Improper Check for Exceptional Conditions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Group Invite
Drupal/Ginvite