Vulnerability from drupal
Published: 2024-12-11 16:53
Modified: 2025-02-20 20:08
Summary
Details
Open Social is a Drupal distribution for online communities. It ships with a default (optional) module, social_file_private, which ensures that the images and files provided by the distribution are stored in the private filesystem instead of the public one.
For installations of Open Social prior to version 11.8.0, after updating to 11.8.0 or higher, newly uploaded files were no longer stored in the private file system as intended. Instead, they were stored in the public file system.
Credits
corn696 (https://www.drupal.org/user/3544002)
{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003e=11.8.0 \u003c12.3.10 || \u003e=12.4.0 \u003c12.4.9"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/social"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003e=11.8.0 \u003c12.3.10"
          },
          "events": [
            {
              "introduced": "11.8.0"
            },
            {
              "fixed": "12.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "database_specific": {
            "constraint": "\u003e=12.4.0 \u003c12.4.9"
          },
          "events": [
            {
              "introduced": "12.4.0"
            },
            {
              "fixed": "12.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [
    "CVE-2024-13312"
  ],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/3544002"
      ],
      "name": "corn696"
    }
  ],
  "details": "Open Social is a Drupal distribution for online communities, which ships with a default (optional) module social\\_file\\_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem.\n\nFor installations of Open Social prior to version 11.8.0, after updating to 11.8.0 or higher, newly uploaded files were no longer stored in the private file system as intended. Instead, they were stored in the public file system.",
  "id": "DRUPAL-CONTRIB-2024-076",
  "modified": "2025-02-20T20:08:37.000Z",
  "published": "2024-12-11T16:53:22.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-076"
    }
  ],
  "schema_version": "1.7.0"
}