PT-2009-6142 · Drupal · Smartqueue Og

Published

2009-11-09

Updated

2009-11-10

CVE-2009-3921

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Smartqueue og module versions 5.x before 5.x-1.3 Smartqueue og module versions 6.x before 6.x-1.0-rc3

Description The issue concerns the Smartqueue og module for Drupal, where it fails to verify group-node privileges in certain situations involving subqueue creation. This allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.

Recommendations For Smartqueue og module versions 5.x before 5.x-1.3, update to version 5.x-1.3 or later. For Smartqueue og module versions 6.x before 6.x-1.0-rc3, update to version 6.x-1.0-rc3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-3921

Affected Products

Smartqueue Og

PT-2009-6142 · Drupal · Smartqueue Og

CVE-2009-3921

Weakness Enumeration

Related Identifiers

Affected Products

References · 7