{"containers": {"cna": {"affected": [{"product": "Organic Groups (OG) module", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.x-2.x before 7.x-2.3"}]}], "datePublic": "2013-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Insecure Permissions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-18T18:13:23", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2059765"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/61708"}, {"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2059755"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Organic Groups (OG) module", "version": {"version_data": [{"version_value": "7.x-2.x before 7.x-2.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Permissions"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2059765", "refsource": "MISC", "url": "https://drupal.org/node/2059765"}, {"name": "http://www.openwall.com/lists/oss-security/2013/08/10/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"}, {"name": "http://www.securityfocus.com/bid/61708", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/61708"}, {"name": "https://drupal.org/node/2059755", "refsource": "MISC", "url": "https://drupal.org/node/2059755"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4228", "datePublished": "2020-02-18T18:13:23", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2020-02-18T18:13:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*", "matchCriteriaId": "AF72996D-7ABE-4F85-ABC8-5D0FA973845A", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*", "matchCriteriaId": "757C478D-3E62-4992-8A78-AD4309955400", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*", "matchCriteriaId": "CF2D03A8-8844-467D-AFB2-F4EDA35EBFF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*", "matchCriteriaId": "1CE40904-4E21-44A0-8EF8-AAF0E7B5726C", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*", "matchCriteriaId": "31A865F3-7276-4D4F-A238-1F2A99078DA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*", "matchCriteriaId": "BF15DDBA-F639-4DEC-804B-8B998C2E906B", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*", "matchCriteriaId": "A990C458-AD98-4B69-A27A-A13EDC35D9FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*", "matchCriteriaId": "61CA452F-691C-4D5A-8391-827853BA7859", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*", "matchCriteriaId": "E52E67B3-9594-4513-9707-03A49ACD6356", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*", "matchCriteriaId": "ABA5E86F-070A-4CDC-AE59-0A56B611CF11", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*", "matchCriteriaId": "2B0F3805-C347-4799-98D4-45B8131FA4BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*", "matchCriteriaId": "D0D4979C-61EF-4542-B7C1-186B2BD8F03B", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*", "matchCriteriaId": "CA1513EB-F578-4EB9-B117-BC941E204F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*", "matchCriteriaId": "02206421-1BEA-4E36-83EF-E56B28A94DA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."}, {"lang": "es", "value": "La implementaci\u00f3n de los campos de acceso OG (campos de visibilidad) en el m\u00f3dulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, no restringe el acceso apropiadamente a grupos privados, lo que permite a usuarios autenticados remotos adivinar los ID de nodo, suscribirse a y leer el contenido de grupos privados arbitrarios por medio de vectores no especificados."}], "id": "CVE-2013-4228", "lastModified": "2020-02-26T19:43:23.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-18T19:15:11.910", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/61708"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://drupal.org/node/2059755"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://drupal.org/node/2059765"}, {"source": "secalert@redhat.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}