Lucene search

RedhatCVE-2013-4228

HistoryFeb 18, 2020 - 7:15 p.m.

CVE-2013-4228

2020-02-1819:15:11

CWE-863

redhat

web.nvd.nist.gov

drupal

organic groups

og module

information security

access control

remote authentication

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

organic_groups_projectorganic_groupsMatch7.x-2.0-drupal

organic_groups_projectorganic_groupsMatch7.x-2.0alpha1drupal

organic_groups_projectorganic_groupsMatch7.x-2.0alpha2drupal

organic_groups_projectorganic_groupsMatch7.x-2.0alpha3drupal

organic_groups_projectorganic_groupsMatch7.x-2.0beta1drupal

organic_groups_projectorganic_groupsMatch7.x-2.0beta2drupal

organic_groups_projectorganic_groupsMatch7.x-2.0beta3drupal

organic_groups_projectorganic_groupsMatch7.x-2.0beta4drupal

organic_groups_projectorganic_groupsMatch7.x-2.0rc1drupal

organic_groups_projectorganic_groupsMatch7.x-2.0rc2drupal

organic_groups_projectorganic_groupsMatch7.x-2.0rc3drupal

organic_groups_projectorganic_groupsMatch7.x-2.0rc4drupal

organic_groups_projectorganic_groupsMatch7.x-2.1drupal

organic_groups_projectorganic_groupsMatch7.x-2.2drupal

VendorProductVersionCPE
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*
organic_groups_projectorganic_groups7.x-2.0cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1::::drupal::*
organic_groups_project	organic_groups	7.x-2.0	cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2::::drupal::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Organic Groups (OG) module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "7.x-2.x before 7.x-2.3"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2013/08/10/1

www.securityfocus.com/bid/61708

drupal.org/node/2059755

drupal.org/node/2059765

exchange.xforce.ibmcloud.com/vulnerabilities/86328

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.002

Percentile

57.1%

JSON

Related for CVE-2013-4228