All the vulnerabilites related to organic_groups_project - organic_groups
cve-2013-7068
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/12/12/1 | mailing-list, x_refsource_MLIST | |
| https://drupal.org/node/2140217 | x_refsource_MISC | |
| https://drupal.org/node/2140209 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/12/06/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2140217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2140217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"name": "https://drupal.org/node/2140217",
"refsource": "MISC",
"url": "https://drupal.org/node/2140217"
},
{
"name": "https://drupal.org/node/2140209",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7068",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5539
Vulnerability from cvelistv5
Published
2012-12-03 21:00
Modified
2024-09-16 17:09
Severity ?
EPSS score ?
Summary
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/1795906 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/11/20/4 | mailing-list, x_refsource_MLIST | |
| http://drupal.org/node/1796036 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1795906"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1796036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-03T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1795906"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1796036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1795906",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1795906"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name": "http://drupal.org/node/1796036",
"refsource": "MISC",
"url": "http://drupal.org/node/1796036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5539",
"datePublished": "2012-12-03T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:09:10.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7065
Vulnerability from cvelistv5
Published
2014-04-29 14:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/12/12/1 | mailing-list, x_refsource_MLIST | |
| https://drupal.org/node/2140217 | x_refsource_MISC | |
| https://drupal.org/node/2140209 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/12/06/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2140217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2140217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"name": "https://drupal.org/node/2140217",
"refsource": "MISC",
"url": "https://drupal.org/node/2140217"
},
{
"name": "https://drupal.org/node/2140209",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2140209"
},
{
"name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7065",
"datePublished": "2014-04-29T14:00:00",
"dateReserved": "2013-12-11T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3094
Vulnerability from cvelistv5
Published
2008-07-09 19:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30070 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/277873 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/30928 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43578 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:40.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/277873"
},
{
"name": "30928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30928"
},
{
"name": "organic-title-information-disclosure(43578)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/277873"
},
{
"name": "30928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30928"
},
{
"name": "organic-title-information-disclosure(43578)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30070"
},
{
"name": "http://drupal.org/node/277873",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/277873"
},
{
"name": "30928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30928"
},
{
"name": "organic-title-information-disclosure(43578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3094",
"datePublished": "2008-07-09T19:00:00",
"dateReserved": "2008-07-09T00:00:00",
"dateUpdated": "2024-08-07T09:28:40.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4228
Vulnerability from cvelistv5
Published
2020-02-18 18:13
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://drupal.org/node/2059765 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/08/10/1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/61708 | x_refsource_MISC | |
| https://drupal.org/node/2059755 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86328 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Organic Groups (OG) module |
Version: 7.x-2.x before 7.x-2.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2059755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Organic Groups (OG) module",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.x-2.x before 7.x-2.3"
}
]
}
],
"datePublic": "2013-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T18:13:23",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2059755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Organic Groups (OG) module",
"version": {
"version_data": [
{
"version_value": "7.x-2.x before 7.x-2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2059765",
"refsource": "MISC",
"url": "https://drupal.org/node/2059765"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"name": "http://www.securityfocus.com/bid/61708",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61708"
},
{
"name": "https://drupal.org/node/2059755",
"refsource": "MISC",
"url": "https://drupal.org/node/2059755"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4228",
"datePublished": "2020-02-18T18:13:23",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-12-03 21:55
Modified
2024-11-21 01:44
Severity ?
Summary
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| organic_groups_project | organic_groups | 7.x-1.0 | |
| organic_groups_project | organic_groups | 7.x-1.0 | |
| organic_groups_project | organic_groups | 7.x-1.1 | |
| organic_groups_project | organic_groups | 7.x-1.1 | |
| organic_groups_project | organic_groups | 7.x-1.1 | |
| organic_groups_project | organic_groups | 7.x-1.1 | |
| organic_groups_project | organic_groups | 7.x-1.1 | |
| organic_groups_project | organic_groups | 7.x-1.2 | |
| organic_groups_project | organic_groups | 7.x-1.3 | |
| organic_groups_project | organic_groups | 7.x-1.4 | |
| organic_groups_project | organic_groups | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D0CDDA-9020-4CD2-9A8D-969A8F13151C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "894CED84-5879-4E00-AFD5-1D296657B851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C634CA9-63A9-447F-BA78-DBEA2865BF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "33214636-3FA4-4C3B-822F-A2661269AE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8F6AACFE-73D7-4B28-8CAE-0092E1CB5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "370A1A38-5C29-4C91-A7B9-C9955F6E3771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D75C375E-C502-407D-ABD1-54D278340F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E24522B-1E5D-42B3-AEB3-3C417B9B4156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9C79D87B-B106-4578-BB98-086768ED67EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDED268-BD28-43C5-99D2-A9DE3C1B41D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "DA7D5A11-0ED1-4612-A9A3-E01AF5970EF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
},
{
"lang": "es",
"value": "El m\u00f3dulo Organic Groups (OG) v7.x-1.x antes de v7.x-1.5 para Drupal no mantiene adecuadamente las membres\u00edas de grupo pendientes, lo que permite a usuarios autenticados remotamente postear en grupos de su elecci\u00f3n modificando su propia cuente cuando hay una membres\u00eda pendiente de aprobaci\u00f3n."
}
],
"id": "CVE-2012-5539",
"lastModified": "2024-11-21T01:44:50.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-03T21:55:02.033",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1795906"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1796036"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1795906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1796036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-18 19:15
Modified
2024-11-21 01:55
Severity ?
Summary
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/08/10/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/61708 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://drupal.org/node/2059755 | Release Notes, Vendor Advisory | |
| secalert@redhat.com | https://drupal.org/node/2059765 | Vendor Advisory | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/86328 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/08/10/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/61708 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drupal.org/node/2059755 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drupal.org/node/2059765 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/86328 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.1 | |
| organic_groups_project | organic_groups | 7.x-2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*",
"matchCriteriaId": "AF72996D-7ABE-4F85-ABC8-5D0FA973845A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "757C478D-3E62-4992-8A78-AD4309955400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*",
"matchCriteriaId": "CF2D03A8-8844-467D-AFB2-F4EDA35EBFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*",
"matchCriteriaId": "1CE40904-4E21-44A0-8EF8-AAF0E7B5726C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*",
"matchCriteriaId": "31A865F3-7276-4D4F-A238-1F2A99078DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*",
"matchCriteriaId": "BF15DDBA-F639-4DEC-804B-8B998C2E906B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*",
"matchCriteriaId": "A990C458-AD98-4B69-A27A-A13EDC35D9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*",
"matchCriteriaId": "61CA452F-691C-4D5A-8391-827853BA7859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "E52E67B3-9594-4513-9707-03A49ACD6356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "ABA5E86F-070A-4CDC-AE59-0A56B611CF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "2B0F3805-C347-4799-98D4-45B8131FA4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*",
"matchCriteriaId": "D0D4979C-61EF-4542-B7C1-186B2BD8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "CA1513EB-F578-4EB9-B117-BC941E204F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "02206421-1BEA-4E36-83EF-E56B28A94DA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de los campos de acceso OG (campos de visibilidad) en el m\u00f3dulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, no restringe el acceso apropiadamente a grupos privados, lo que permite a usuarios autenticados remotos adivinar los ID de nodo, suscribirse a y leer el contenido de grupos privados arbitrarios por medio de vectores no especificados."
}
],
"id": "CVE-2013-4228",
"lastModified": "2024-11-21T01:55:10.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T19:15:11.910",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61708"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059755"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059765"
},
{
"source": "secalert@redhat.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://drupal.org/node/2059765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2024-11-21 02:00
Severity ?
Summary
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.1 | |
| organic_groups_project | organic_groups | 7.x-2.2 | |
| organic_groups_project | organic_groups | 7.x-2.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*",
"matchCriteriaId": "AF72996D-7ABE-4F85-ABC8-5D0FA973845A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "757C478D-3E62-4992-8A78-AD4309955400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*",
"matchCriteriaId": "CF2D03A8-8844-467D-AFB2-F4EDA35EBFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*",
"matchCriteriaId": "1CE40904-4E21-44A0-8EF8-AAF0E7B5726C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*",
"matchCriteriaId": "31A865F3-7276-4D4F-A238-1F2A99078DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*",
"matchCriteriaId": "BF15DDBA-F639-4DEC-804B-8B998C2E906B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*",
"matchCriteriaId": "A990C458-AD98-4B69-A27A-A13EDC35D9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*",
"matchCriteriaId": "61CA452F-691C-4D5A-8391-827853BA7859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "E52E67B3-9594-4513-9707-03A49ACD6356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "ABA5E86F-070A-4CDC-AE59-0A56B611CF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "2B0F3805-C347-4799-98D4-45B8131FA4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*",
"matchCriteriaId": "D0D4979C-61EF-4542-B7C1-186B2BD8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "CA1513EB-F578-4EB9-B117-BC941E204F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "02206421-1BEA-4E36-83EF-E56B28A94DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.x:dev:*:*:*:drupal:*:*",
"matchCriteriaId": "B2C3EC71-ED91-4FA6-9DBD-F724DD1CBABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
},
{
"lang": "es",
"value": "El m\u00f3dulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, permite a los atacantes remotos omitir las restricciones de acceso y publicar a grupos arbitrarios por medio del campo de audiencia grupal, como es demostrado por el campo og_group _ref."
}
],
"id": "CVE-2013-7065",
"lastModified": "2024-11-21T02:00:16.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:43.857",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2140209"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2140217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2140209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2140217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-29 14:38
Modified
2024-11-21 02:00
Severity ?
Summary
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.0 | |
| organic_groups_project | organic_groups | 7.x-2.1 | |
| organic_groups_project | organic_groups | 7.x-2.2 | |
| organic_groups_project | organic_groups | 7.x-2.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*",
"matchCriteriaId": "AF72996D-7ABE-4F85-ABC8-5D0FA973845A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "757C478D-3E62-4992-8A78-AD4309955400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*",
"matchCriteriaId": "CF2D03A8-8844-467D-AFB2-F4EDA35EBFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*",
"matchCriteriaId": "1CE40904-4E21-44A0-8EF8-AAF0E7B5726C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*",
"matchCriteriaId": "31A865F3-7276-4D4F-A238-1F2A99078DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*",
"matchCriteriaId": "BF15DDBA-F639-4DEC-804B-8B998C2E906B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*",
"matchCriteriaId": "A990C458-AD98-4B69-A27A-A13EDC35D9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*",
"matchCriteriaId": "61CA452F-691C-4D5A-8391-827853BA7859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "E52E67B3-9594-4513-9707-03A49ACD6356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "ABA5E86F-070A-4CDC-AE59-0A56B611CF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "2B0F3805-C347-4799-98D4-45B8131FA4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*",
"matchCriteriaId": "D0D4979C-61EF-4542-B7C1-186B2BD8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "CA1513EB-F578-4EB9-B117-BC941E204F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "02206421-1BEA-4E36-83EF-E56B28A94DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.x:dev:*:*:*:drupal:*:*",
"matchCriteriaId": "B2C3EC71-ED91-4FA6-9DBD-F724DD1CBABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
},
{
"lang": "es",
"value": "El m\u00f3dulo Organic Groups (OG) 7.x-2.x anterior a 7.x-2.3 para Drupal, permite a usuarios remotos autenticados evadir restricciones de grupo en nodos con todos los grupos configurados con entrada de datos opcional a trav\u00e9s de un grupo de campos vac\u00edo."
}
],
"id": "CVE-2013-7068",
"lastModified": "2024-11-21T02:00:16.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-29T14:38:43.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2140209"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2140217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://drupal.org/node/2140209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://drupal.org/node/2140217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-09 19:33
Modified
2024-11-21 00:48
Severity ?
Summary
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://drupal.org/node/277873 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/30928 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/30070 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43578 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/277873 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30928 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30070 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43578 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| organic_groups_project | organic_groups | 5.x-5.x-7.2 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.0 | |
| organic_groups_project | organic_groups | 5.x-7.1 | |
| organic_groups_project | organic_groups | 6.x-1.0 | |
| organic_groups_project | organic_groups | 6.x-1.0 | |
| organic_groups_project | organic_groups | 6.x-1.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-5.x-7.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "15F41023-9DBA-429C-8F1A-0D0B7A4A3E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:-:*:*:*:drupal:*:*",
"matchCriteriaId": "75CCBA32-1E76-4CF5-A776-D98E3B3123BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "0FD1B203-1E85-40F7-9389-889276F2602B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "FF7F6029-CF4F-4284-B329-081A092C5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "424EDA0C-D963-4D7C-8C34-ECA87CD5BA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:rc4:*:*:*:drupal:*:*",
"matchCriteriaId": "FD9E63DF-8FC2-4DFC-9C52-B0E04C3114F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.0:rc5:*:*:*:drupal:*:*",
"matchCriteriaId": "31DDDBCD-2FB4-416B-A307-A9A03233CC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:5.x-7.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "14984E55-52E6-4D69-8E77-68FEFD1DC2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:6.x-1.0:alpha:*:*:*:drupal:*:*",
"matchCriteriaId": "50D41261-17C6-4839-BA8E-9914CC123513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:6.x-1.0:beta:*:*:*:drupal:*:*",
"matchCriteriaId": "EE31F6F3-2BAE-4CAF-A00C-E86240364A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:organic_groups_project:organic_groups:6.x-1.x:dev:*:*:*:drupal:*:*",
"matchCriteriaId": "26585100-2119-44C2-B1F4-ABB2E65D0677",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo The Organic Groups (OG) 5.x antes de 5.x-7.3 y 6.x antes de 6.x-1.0-RC1, un m\u00f3dulo para Drupal, permite a atacantes remotos obtener informaci\u00f3n sensible (nombres de grupo privados) mediante vectores no especificados."
}
],
"id": "CVE-2008-3094",
"lastModified": "2024-11-21T00:48:24.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-09T19:33:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/277873"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30928"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/277873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}