Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2721

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

Published

2012-06-27T00:55:04.957

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	moshe_weitzman	organic_groups	6.x-2.0	Yes
Application	moshe_weitzman	organic_groups	6.x-2.0	Yes
Application	moshe_weitzman	organic_groups	6.x-2.0	Yes
Application	moshe_weitzman	organic_groups	6.x-2.0	Yes
Application	moshe_weitzman	organic_groups	6.x-2.1	Yes
Application	moshe_weitzman	organic_groups	6.x-2.2	Yes
Application	moshe_weitzman	organic_groups	6.x-2.3	Yes
Application	moshe_weitzman	organic_groups	6.x-2.x	Yes
Application	drupal	drupal	-	No

References

http://drupal.org/node/1619736 Patch ([email protected])
http://drupal.org/node/1619810 Patch, Vendor Advisory ([email protected])
http://drupalcode.org/project/og.git/commitdiff/1485708 Exploit, Patch ([email protected])
http://secunia.com/advisories/49397 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2012/06/14/3 ([email protected])
http://www.osvdb.org/82728 ([email protected])
http://www.securityfocus.com/bid/53838 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/76150 ([email protected])
http://drupal.org/node/1619736 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://drupal.org/node/1619810 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://drupalcode.org/project/og.git/commitdiff/1485708 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49397 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/06/14/3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/82728 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/53838 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/76150 (af854a3a-2127-422b-91ae-364da2661108)