Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7065

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2013-7065
Last Modified 13 Jun 2014 12:51:36
Published 29 Apr 2014 10:38:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7065

Summary

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.

Vulnerable Systems

Application

  • Organic Groups Project Organic Groups 7.x-2.0

  • Organic Groups Project Organic Groups 7.x-2.1

  • Organic Groups Project Organic Groups 7.x-2.2

  • Organic Groups Project Organic Groups 7.x-2.x


References

MISC - https://drupal.org/node/2140217

CONFIRM - https://drupal.org/node/2140209

MLIST - [oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules

MLIST - [oss-security] 20131206 CVE request for Drupal core, and contributed modules


Last Updated: 27 May 2016 11:05:06