CVE-2009-3921

2009-11-0917:00:00

mitre

www.cve.org

smartqueue_og

drupal

remote authentication

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.

References

drupal.org/node/617496

drupal.org/node/617500

drupal.org/node/623554

osvdb.org/59675

secunia.com/advisories/37288

www.securityfocus.com/bid/36925