Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2721

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-2721
Last Modified 26 Jul 2012 12:00:00
Published 26 Jun 2012 08:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2721

Summary

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

Vulnerable Systems

Application

  • Moshe Weitzman Organic Groups 6.x-2.0

  • Moshe Weitzman Organic Groups 6.x-2.1

  • Moshe Weitzman Organic Groups 6.x-2.2

  • Moshe Weitzman Organic Groups 6.x-2.3

  • Moshe Weitzman Organic Groups 6.x-2.x


References

XF - organicgroups-permission-security-bypass(76150)

BID - 53838

OSVDB - 82728

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

SECUNIA - 49397

CONFIRM - http://drupalcode.org/project/og.git/commitdiff/1485708

MISC - http://drupal.org/node/1619810

CONFIRM - http://drupal.org/node/1619736


Last Updated: 27 May 2016 10:56:35