4 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. La implementación de los campos de acceso OG (campos de visibilidad) en el módulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, no restringe el acceso apropiadamente a grupos privados, lo que permite a usuarios autenticados remotos adivinar los ID de nodo, suscribirse a y leer el contenido de grupos privados arbitrarios por medio de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61708 https://drupal.org/node/2059755 https://drupal.org/node/2059765 https://exchange.xforce.ibmcloud.com/vulnerabilities/86328 • CWE-863: Incorrect Authorization •

CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. El módulo de Organic Groups (OG) versiones 7.x-2.x anteriores a 7.x-2.3 para Drupal, permite a los atacantes remotos omitir las restricciones de acceso y publicar a grupos arbitrarios por medio del campo de audiencia grupal, como es demostrado por el campo og_group _ref. • http://www.openwall.com/lists/oss-security/2013/12/06/7 http://www.openwall.com/lists/oss-security/2013/12/12/1 https://drupal.org/node/2140209 https://drupal.org/node/2140217 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. El módulo Organic Groups (OG) 7.x-2.x anterior a 7.x-2.3 para Drupal, permite a usuarios remotos autenticados evadir restricciones de grupo en nodos con todos los grupos configurados con entrada de datos opcional a través de un grupo de campos vacío. • http://www.openwall.com/lists/oss-security/2013/12/06/7 http://www.openwall.com/lists/oss-security/2013/12/12/1 https://drupal.org/node/2140209 https://drupal.org/node/2140217 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0

The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. El módulo Organic Groups (OG) v7.x-1.x antes de v7.x-1.5 para Drupal no mantiene adecuadamente las membresías de grupo pendientes, lo que permite a usuarios autenticados remotamente postear en grupos de su elección modificando su propia cuente cuando hay una membresía pendiente de aprobación. • http://drupal.org/node/1795906 http://drupal.org/node/1796036 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-264: Permissions, Privileges, and Access Controls •