Drupal · Open Social · CVE-2024-13241
**Name of the Vulnerable Software and Affected Versions**
Open Social versions 0.0.0 through 12.0.4
**Description**
Drupal Open Social is affected by improper authorization that allows the collection of data from common resource locations, which can lead to unauthorized access to protected information. The flaw stems from deficiencies in the authorization procedure of the social group flexible group module in Open Social for Drupal.
**Recommendations**
For Open Social versions 0.0.0 through 12.0.4, update to version 12.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the social group flexible group module to minimize the risk of exploitation.
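To confirm whether a site falls in the affected range, the following added example (not part of the original advisory or the Open Social project) reads a `composer.lock` and classifies the installed version against the 12.0.5 fix. It assumes Open Social is installed through Composer as the package `goalgorilla/open_social`; the lock file excerpt is constructed for demonstration.

```python
import json
import re

# Assumption: Open Social is installed via Composer under this package name.
PACKAGE = "goalgorilla/open_social"
FIXED = (12, 0, 5)  # first fixed release according to the advisory


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a composer.lock version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", version.strip())
    if not m:
        return "unknown"  # dev branches such as "dev-main" need manual review
    triple = tuple(int(x) for x in m.group(1, 2, 3))
    if triple < FIXED:
        return "affected"  # anything up to and including 12.0.4
    if triple == FIXED and m.group(4):
        return "unknown"  # pre-release of the fixed version: verify by hand
    return "fixed"


def check_lock(lock_text):
    """Find the Open Social package in composer.lock content and classify it."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() == PACKAGE:
            return pkg["version"], classify(pkg["version"])
    return None, "not-installed"


# Constructed composer.lock excerpt, for demonstration only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.2.3"},
        {"name": "goalgorilla/open_social", "version": "12.0.4"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    version, status = check_lock(SAMPLE_LOCK)
    print(f"{PACKAGE} {version}: {status}")
```

A result of `unknown` means the lock file pins a development branch or a pre-release of 12.0.5, so the deployed code has to be checked manually.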