DRUPAL-CONTRIB-2022-043

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2022-043.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-043
Withdrawn
2026-03-18T18:00:07.426456Z
Published
2022-05-25T16:49:46Z
Modified
2026-03-18T18:00:07.426456Z
Summary
[none]
Details

Open Social is a Drupal distribution for online communities.

Group entities created within Open Social did not sufficiently check entity access in group overviews, allowing users to see information in the overviews that they should not have access to. Visiting the entity directly resulted in the correct access checks being applied.

This vulnerability is mitigated by the fact that an attacker must be able to view Group entities in an overview and have certain common permissions revoked.

Please note that the affected versions were already unsupported; this advisory is released additionally because there are still reported installs of the affected versions.


Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name
drupal/social
Purl
pkg:composer/drupal/social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
11.0.0
Database specific
{
    "constraint": "<11.0.0"
}

Database specific

affected_versions
"<11.0.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2022-043.json"