CVE-2024-13241

EPSS 0.43%

Published: 1/24/2024Modified: 3/18/2026

Also known as:DRUPAL-CONTRIB-2024-005

Description

Open Social is a Drupal distribution for online communities. The included optional social\_group\_flexible\_group module doesn't sufficiently validate group updates. The lack of validation makes it possible to have content inside the group changing it's visibility, which could lead to that content being shown to a broader audience than intended. This vulnerability is mitigated by the fact the module social\_group\_flexible\_group needs to be enabled.

Affected packages (1)

Packagist/drupal/socialfrom 0, < 12.0.5

References (1)

WEBhttps://www.drupal.org/sa-contrib-2024-005