Vulnerability Description
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Organic Groups Project | Organic Groups | 7.x-2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/08/10/1Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/61708Third Party AdvisoryVDB Entry
- https://drupal.org/node/2059755Release NotesVendor Advisory
- https://drupal.org/node/2059765Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86328VDB EntryVendor Advisory
- http://www.openwall.com/lists/oss-security/2013/08/10/1Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/61708Third Party AdvisoryVDB Entry
- https://drupal.org/node/2059755Release NotesVendor Advisory
- https://drupal.org/node/2059765Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86328VDB EntryVendor Advisory
FAQ
What is CVE-2013-4228?
CVE-2013-4228 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authent...
How severe is CVE-2013-4228?
CVE-2013-4228 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4228?
Check the references section above for vendor advisories and patch information. Affected products include: Organic Groups Project Organic Groups.