The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2013/08/10/1 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/61708 | Third Party Advisory VDB Entry |
https://drupal.org/node/2059755 | Release Notes Vendor Advisory |
https://drupal.org/node/2059765 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/86328 | VDB Entry Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-18T18:13:23
Updated: 2020-02-18T18:13:23
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4228
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-18T19:15:11.910
Modified: 2020-02-26T19:43:23.633
Link: CVE-2013-4228
JSON object: View
Redhat Information
No data.
CWE