CVE-2013-4228

Published: Feb 18, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

Affected (14)

Products: Organic Groups Project: Organic Groups

Organic Groups Project

1 product

Organic Groups

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Organic Groups Project Organic Groups	Version 7.x-2.0
Organic Groups Project Organic Groups	Version 7.x-2.0 alpha1
Organic Groups Project Organic Groups	Version 7.x-2.0 alpha2
Organic Groups Project Organic Groups	Version 7.x-2.0 alpha3
Organic Groups Project Organic Groups	Version 7.x-2.0 beta1
Organic Groups Project Organic Groups	Version 7.x-2.0 beta2
Organic Groups Project Organic Groups	Version 7.x-2.0 beta3
Organic Groups Project Organic Groups	Version 7.x-2.0 beta4
Organic Groups Project Organic Groups	Version 7.x-2.0 rc1
Organic Groups Project Organic Groups	Version 7.x-2.0 rc2
Organic Groups Project Organic Groups	Version 7.x-2.0 rc3
Organic Groups Project Organic Groups	Version 7.x-2.0 rc4
Organic Groups Project Organic Groups	Version 7.x-2.1
Organic Groups Project Organic Groups	Version 7.x-2.2