CVE-2015-4389

Name of the Vulnerable Software and Affected Versions Drupal Open Graph Importer (og tag importer) versions 7.x-1.x

Description The issue concerns the Open Graph Importer module for Drupal, which fails to properly check the create permission for content types created during import. This allows remote authenticated users to bypass intended restrictions by leveraging the "import og tag importer" permission.

Recommendations For Drupal Open Graph Importer (og tag importer) versions 7.x-1.x, consider restricting the "import og tag importer" permission to trusted users until a patch is available. As a temporary workaround, review and manually verify the permissions for all content types created during import to ensure they align with intended access controls.