PT-2024-10360 · Drupal · Open Social
Damien Mckenna +2 · Published 2024-01-24 · Updated 2025-01-10 · CVE-2024-13241
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Open Social versions 0.0.0 through 12.0.4
Description
The issue is an improper authorization flaw in Drupal Open Social that allows data to be collected from common resource locations, which can potentially lead to unauthorized access to protected information. It stems from deficiencies in the authorization procedure of the social group flexible group module in the Open Social CMS system of Drupal.
Recommendations
For Open Social versions 0.0.0 through 12.0.4, update to version 12.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the social group flexible group module to minimize the risk of exploitation.
Fix
Improper Authorization
Affected Products
Open Social