4

CVE-2009-3921

The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ezra Barnett GildesgameSmartqueue Og Version5.x-1.0
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version5.x-1.1
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version5.x-1.2
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version5.x-1.x-dev
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version6.x-1.0 Updaterc1
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version6.x-1.0 Updaterc2
   DrupalDrupal
Ezra Barnett GildesgameSmartqueue Og Version6.x-1.x-dev
   DrupalDrupal
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.591
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/617496
Patch
Vendor Advisory
http://drupal.org/node/617500
Patch
Vendor Advisory
http://drupal.org/node/623554
Patch
Vendor Advisory