CVE-2013-4228

EPSS 0.23%
Veröffentlicht 18.02.2020 19:15:11
Zuletzt bearbeitet 21.11.2024 01:55:10
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Update- SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatealpha1 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatealpha2 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatealpha3 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatebeta1 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatebeta2 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatebeta3 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updatebeta4 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updaterc1 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updaterc2 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updaterc3 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.0 Updaterc4 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.1 SwPlatformdrupal

Organic Groups Project ≫ Organic Groups Version7.x-2.2 SwPlatformdrupal

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.433

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.openwall.com/lists/oss-security/2013/08/10/1

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/61708

Third Party Advisory

VDB Entry

https://drupal.org/node/2059755

Vendor Advisory

Release Notes

https://drupal.org/node/2059765

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/86328