Vulnerability Description
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moshe Weitzman | Organic Groups | 6.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1619736Patch
- http://drupal.org/node/1619810PatchVendor Advisory
- http://drupalcode.org/project/og.git/commitdiff/1485708ExploitPatch
- http://secunia.com/advisories/49397Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82728
- http://www.securityfocus.com/bid/53838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76150
- http://drupal.org/node/1619736Patch
- http://drupal.org/node/1619810PatchVendor Advisory
- http://drupalcode.org/project/og.git/commitdiff/1485708ExploitPatch
- http://secunia.com/advisories/49397Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82728
- http://www.securityfocus.com/bid/53838
FAQ
What is CVE-2012-2721?
CVE-2012-2721 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote...
How severe is CVE-2012-2721?
CVE-2012-2721 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2721?
Check the references section above for vendor advisories and patch information. Affected products include: Moshe Weitzman Organic Groups, Drupal Drupal.