2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.967 High
EPSS
Percentile
99.7%
CVE: CVE-2012-1644
This module enables you to have a specific vocabulary per organic group.
The module doesn’t sufficiently check access to vocabularies while allowing a group admin to edit the vocabularies.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to “administer own group vocabulary” and be an admin of another group.
Drupal core is not affected. If you do not use the contributed OG Vocabulary module, there is nothing you need to do.
Install the latest version:
See also the OG Vocabulary project page.