Main Vulnerability Database Vulnerabilities #VU101746

Information disclosure in Open Social - #VU101746

Published: December 12, 2024

Vulnerability identifier: #VU101746

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Drupal

Affected software:
Open Social

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the images and files provided by the distribution are stored in the private instead of the public filesystem. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

Sources

https://www.drupal.org/sa-contrib-2024-076

Information disclosure in Open Social - #VU101746

Detailed vulnerability description

Remediation

Sources

Please verify you're human