Drupal · Open Social · CVE-2024-13312
**Name of the Vulnerable Software and Affected Versions**
Open Social versions 11.8.0 through 12.3.10
Open Social versions 12.4.0 through 12.4.9
**Description**
Drupal Open Social is missing an authorization check, which allows forceful browsing: a remote attacker can bypass security restrictions by requesting restricted resources directly.
**Recommendations**
For versions 11.8.0 through 12.3.10, update to a version after 12.3.10 to resolve the issue.
For versions 12.4.0 through 12.4.9, update to a version after 12.4.9 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive areas of Open Social to minimize the risk of exploitation.