CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4228
https://notcve.org/view.php?id=CVE-2013-4228
18 Feb 2020 — The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. La implementación de los campos de acceso OG (campos de visibilidad) en el módulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, no restringe el acceso apropiadamen... • http://www.openwall.com/lists/oss-security/2013/08/10/1 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2013-7065
https://notcve.org/view.php?id=CVE-2013-7065
29 Apr 2014 — The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. El módulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, permite a los atacantes remotos omitir las restricciones de acceso y publicar a grupos arbitrarios por medio del campo de audiencia grupal, como es demostrado por el campo og_group _ref. • http://www.openwall.com/lists/oss-security/2013/12/06/7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2013-7068
https://notcve.org/view.php?id=CVE-2013-7068
29 Apr 2014 — The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. El módulo Organic Groups (OG) 7.x-2.x anterior a 7.x-2.3 para Drupal, permite a usuarios remotos autenticados evadir restricciones de grupo en nodos con todos los grupos configurados con entrada de datos opcional a través de un grupo de campos vacío. • http://www.openwall.com/lists/oss-security/2013/12/06/7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-5539
https://notcve.org/view.php?id=CVE-2012-5539
03 Dec 2012 — The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. El módulo Organic Groups (OG) v7.x-1.x antes de v7.x-1.5 para Drupal no mantiene adecuadamente las membresías de grupo pendientes, lo que permite a usuarios autenticados remotamente postear en grupos de su elección modificando su propia cue... • http://drupal.org/node/1795906 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2008-3094
https://notcve.org/view.php?id=CVE-2008-3094
09 Jul 2008 — The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. El módulo The Organic Groups (OG) 5.x antes de 5.x-7.3 y 6.x antes de 6.x-1.0-RC1, un módulo para Drupal, permite a atacantes remotos obtener información sensible (nombres de grupo privados) mediante vectores no especificados. • http://drupal.org/node/277873 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •