Lucene search

RedhatCVE-2012-2721

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-2721

2012-06-2700:55:04

CWE-264

redhat

web.nvd.nist.gov

cve-2012-2721

organic groups

og module

drupal

access restrictions

remote attackers

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the “access content” permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

Affected configurations

Nvd

Node

moshe_weitzmanorganic_groupsMatch6.x-2.0

moshe_weitzmanorganic_groupsMatch6.x-2.0rc1

moshe_weitzmanorganic_groupsMatch6.x-2.0rc2

moshe_weitzmanorganic_groupsMatch6.x-2.0rc3

moshe_weitzmanorganic_groupsMatch6.x-2.1

moshe_weitzmanorganic_groupsMatch6.x-2.2

moshe_weitzmanorganic_groupsMatch6.x-2.3

moshe_weitzmanorganic_groupsMatch6.x-2.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.1cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.2cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.3cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.xcpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:::::::*
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1::::::
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2::::::
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3::::::
moshe_weitzman	organic_groups	6.x-2.1	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:::::::*
moshe_weitzman	organic_groups	6.x-2.2	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:::::::*
moshe_weitzman	organic_groups	6.x-2.3	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:::::::*
moshe_weitzman	organic_groups	6.x-2.x	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1619736

drupal.org/node/1619810

drupalcode.org/project/og.git/commitdiff/1485708

secunia.com/advisories/49397

www.openwall.com/lists/oss-security/2012/06/14/3

www.osvdb.org/82728

www.securityfocus.com/bid/53838

exchange.xforce.ibmcloud.com/vulnerabilities/76150

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

Related for CVE-2012-2721