Vulnerability Description
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | All versions |
| Ezra Barnett Gildesgame | Smartqueue Og | 5.x-1.0 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/617496 (Patch, Vendor Advisory)
- http://drupal.org/node/617500 (Patch, Vendor Advisory)
- http://drupal.org/node/623554 (Patch, Vendor Advisory)
- http://osvdb.org/59675
- http://secunia.com/advisories/37288 (Vendor Advisory)
- http://www.securityfocus.com/bid/36925 (Patch)
FAQ
What is CVE-2009-3921?
CVE-2009-3921 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows re...
How severe is CVE-2009-3921?
CVE-2009-3921 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3921?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Ezra Barnett Gildesgame Smartqueue Og.