PT-2020-7487 · Drupal · Organic Groups
Forest Monsen
·
Published
2020-02-18
·
Updated
2020-02-26
·
CVE-2013-4228
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Organic Groups (OG) module versions 7.x-2.x before 7.x-2.3 for Drupal
Description:
The issue allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors, due to the improper restriction of access to private groups.
Recommendations:
For Organic Groups (OG) module versions 7.x-2.x before 7.x-2.3, update to version 7.x-2.3 or later to resolve the issue.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Organic Groups