CVE-2012-2721 (GCVE-0-2012-2721)
Vulnerability from cvelistv5 – Published: 2012-06-27 00:00 – Updated: 2024-08-06 19:42
VLAI?
Summary
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"name": "http://drupal.org/node/1619736",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupalcode.org/project/og.git/commitdiff/1485708",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"name": "http://drupal.org/node/1619810",
"refsource": "MISC",
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2721",
"datePublished": "2012-06-27T00:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"586989FC-FB44-4DF8-9ABB-9FE1BC9FC8FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F75F245C-CDC2-436A-94A4-3FDBC175CF5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD6163A1-1793-4261-ADE5-58F0A0AC5036\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"61903138-CF7F-46EA-A3E1-DC0C324ACACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E76179-60A8-4957-9A28-F28560874E3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25FD5736-4C27-47E9-A540-C06CD998A344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D84F1641-CE86-4B96-9B28-77D70DDB3C27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*\", \"matchCriteriaId\": \"461DF120-E96F-448F-ADA6-A87FA93FA69D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8B1170D-AD33-4C7A-892D-63AC71B032CF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \\\"access content\\\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.\"}, {\"lang\": \"es\", \"value\": \"La vista por defecto en el m\\u00f3dulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access content), lo que permite a atacantes remotos evitar los restricciones y posiblemente tenga otros impactos no determinados.\"}]",
"id": "CVE-2012-2721",
"lastModified": "2024-11-21T01:39:30.400",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-06-27T00:55:04.957",
"references": "[{\"url\": \"http://drupal.org/node/1619736\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://drupal.org/node/1619810\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://drupalcode.org/project/og.git/commitdiff/1485708\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/49397\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/06/14/3\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/82728\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/53838\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/76150\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://drupal.org/node/1619736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://drupal.org/node/1619810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://drupalcode.org/project/og.git/commitdiff/1485708\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/49397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/06/14/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/82728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/53838\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/76150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-2721\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-06-27T00:55:04.957\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \\\"access content\\\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.\"},{\"lang\":\"es\",\"value\":\"La vista por defecto en el m\u00f3dulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access content), lo que permite a atacantes remotos evitar los restricciones y posiblemente tenga otros impactos no determinados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"586989FC-FB44-4DF8-9ABB-9FE1BC9FC8FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75F245C-CDC2-436A-94A4-3FDBC175CF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6163A1-1793-4261-ADE5-58F0A0AC5036\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"61903138-CF7F-46EA-A3E1-DC0C324ACACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E76179-60A8-4957-9A28-F28560874E3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FD5736-4C27-47E9-A540-C06CD998A344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D84F1641-CE86-4B96-9B28-77D70DDB3C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"461DF120-E96F-448F-ADA6-A87FA93FA69D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B1170D-AD33-4C7A-892D-63AC71B032CF\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/1619736\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1619810\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/og.git/commitdiff/1485708\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/49397\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/06/14/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/82728\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/53838\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/76150\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://drupal.org/node/1619736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1619810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://drupalcode.org/project/og.git/commitdiff/1485708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/49397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/06/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/82728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/53838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/76150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…