Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by organic_groups_project

    CVE-2013-4228 (GCVE-0-2013-4228)

    Vulnerability from cvelistv5 – Published: 2020-02-18 18:13 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Insecure Permissions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Organic Groups (OG) module Affected: 7.x-2.x before 7.x-2.3
    Date Public
    2013-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61708"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059755"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Organic Groups (OG) module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.x-2.x before 7.x-2.3"
                }
              ]
            }
          ],
          "datePublic": "2013-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Permissions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-18T18:13:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/61708"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059755"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Organic Groups (OG) module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.x-2.x before 7.x-2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://drupal.org/node/2059765",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2059765"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
                },
                {
                  "name": "http://www.securityfocus.com/bid/61708",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/61708"
                },
                {
                  "name": "https://drupal.org/node/2059755",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2059755"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4228",
        "datePublished": "2020-02-18T18:13:23.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7065 (GCVE-0-2013-7065)

    Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:46.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140209"
              },
              {
                "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-09T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2140217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/2140209"
            },
            {
              "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
                },
                {
                  "name": "https://drupal.org/node/2140217",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2140217"
                },
                {
                  "name": "https://drupal.org/node/2140209",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/2140209"
                },
                {
                  "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7065",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2013-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:46.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7068 (GCVE-0-2013-7068)

    Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:46.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140209"
              },
              {
                "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-29T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2140217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/2140209"
            },
            {
              "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
                },
                {
                  "name": "https://drupal.org/node/2140217",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2140217"
                },
                {
                  "name": "https://drupal.org/node/2140209",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/2140209"
                },
                {
                  "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7068",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2013-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:46.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5539 (GCVE-0-2012-5539)

    Vulnerability from cvelistv5 – Published: 2012-12-03 21:00 – Updated: 2024-09-16 17:09
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1795906 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    http://drupal.org/node/1796036 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1795906"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1796036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-03T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1795906"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1796036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1795906",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1795906"
                },
                {
                  "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
                },
                {
                  "name": "http://drupal.org/node/1796036",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1796036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5539",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:09:10.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3094 (GCVE-0-2008-3094)

    Vulnerability from cvelistv5 – Published: 2008-07-09 19:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30070 vdb-entryx_refsource_BID
    http://drupal.org/node/277873 x_refsource_CONFIRM
    http://secunia.com/advisories/30928 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:40.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30070"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/277873"
              },
              {
                "name": "30928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30928"
              },
              {
                "name": "organic-title-information-disclosure(43578)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30070",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30070"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/277873"
            },
            {
              "name": "30928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30928"
            },
            {
              "name": "organic-title-information-disclosure(43578)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30070",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30070"
                },
                {
                  "name": "http://drupal.org/node/277873",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/277873"
                },
                {
                  "name": "30928",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30928"
                },
                {
                  "name": "organic-title-information-disclosure(43578)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3094",
        "datePublished": "2008-07-09T19:00:00.000Z",
        "dateReserved": "2008-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:40.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4228 (GCVE-0-2013-4228)

    Vulnerability from nvd – Published: 2020-02-18 18:13 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Insecure Permissions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Organic Groups (OG) module Affected: 7.x-2.x before 7.x-2.3
    Date Public
    2013-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61708"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2059755"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Organic Groups (OG) module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.x-2.x before 7.x-2.3"
                }
              ]
            }
          ],
          "datePublic": "2013-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure Permissions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-18T18:13:23.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/61708"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2059755"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Organic Groups (OG) module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.x-2.x before 7.x-2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://drupal.org/node/2059765",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2059765"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
                },
                {
                  "name": "http://www.securityfocus.com/bid/61708",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/61708"
                },
                {
                  "name": "https://drupal.org/node/2059755",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2059755"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4228",
        "datePublished": "2020-02-18T18:13:23.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7068 (GCVE-0-2013-7068)

    Vulnerability from nvd – Published: 2014-04-29 14:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:46.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140209"
              },
              {
                "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-29T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2140217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/2140209"
            },
            {
              "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
                },
                {
                  "name": "https://drupal.org/node/2140217",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2140217"
                },
                {
                  "name": "https://drupal.org/node/2140209",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/2140209"
                },
                {
                  "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7068",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2013-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:46.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7065 (GCVE-0-2013-7065)

    Vulnerability from nvd – Published: 2014-04-29 14:00 – Updated: 2024-08-06 17:53
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:53:46.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://drupal.org/node/2140209"
              },
              {
                "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-09T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drupal.org/node/2140217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://drupal.org/node/2140209"
            },
            {
              "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/12/1"
                },
                {
                  "name": "https://drupal.org/node/2140217",
                  "refsource": "MISC",
                  "url": "https://drupal.org/node/2140217"
                },
                {
                  "name": "https://drupal.org/node/2140209",
                  "refsource": "CONFIRM",
                  "url": "https://drupal.org/node/2140209"
                },
                {
                  "name": "[oss-security] 20131206 CVE request for Drupal core, and contributed modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/12/06/7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7065",
        "datePublished": "2014-04-29T14:00:00.000Z",
        "dateReserved": "2013-12-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:53:46.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5539 (GCVE-0-2012-5539)

    Vulnerability from nvd – Published: 2012-12-03 21:00 – Updated: 2024-09-16 17:09
    VLAI
    Summary
    The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://drupal.org/node/1795906 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/20/4 mailing-listx_refsource_MLIST
    http://drupal.org/node/1796036 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1795906"
              },
              {
                "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/1796036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-03T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/1795906"
            },
            {
              "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://drupal.org/node/1796036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://drupal.org/node/1795906",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/1795906"
                },
                {
                  "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
                },
                {
                  "name": "http://drupal.org/node/1796036",
                  "refsource": "MISC",
                  "url": "http://drupal.org/node/1796036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5539",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:09:10.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3094 (GCVE-0-2008-3094)

    Vulnerability from nvd – Published: 2008-07-09 19:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30070 vdb-entryx_refsource_BID
    http://drupal.org/node/277873 x_refsource_CONFIRM
    http://secunia.com/advisories/30928 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:40.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30070"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://drupal.org/node/277873"
              },
              {
                "name": "30928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30928"
              },
              {
                "name": "organic-title-information-disclosure(43578)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30070",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30070"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://drupal.org/node/277873"
            },
            {
              "name": "30928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30928"
            },
            {
              "name": "organic-title-information-disclosure(43578)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30070",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30070"
                },
                {
                  "name": "http://drupal.org/node/277873",
                  "refsource": "CONFIRM",
                  "url": "http://drupal.org/node/277873"
                },
                {
                  "name": "30928",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30928"
                },
                {
                  "name": "organic-title-information-disclosure(43578)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43578"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3094",
        "datePublished": "2008-07-09T19:00:00.000Z",
        "dateReserved": "2008-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:40.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }