6.8

CVE-2012-2721

Exploit
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moshe WeitzmanOrganic Groups Version6.x-2.0
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.0 Updaterc1
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.0 Updaterc2
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.0 Updaterc3
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.1
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.2
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.3
   DrupalDrupal Version-
Moshe WeitzmanOrganic Groups Version6.x-2.x Updatedev
   DrupalDrupal Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.44
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/1619810
Patch
Vendor Advisory