Lucene search
MitreCVE-2013-7065HistoryApr 29, 2014 - 2:38 p.m.
CVE-2013-7065
2014-04-2914:38:43
CWE-264
mitre
web.nvd.nist.gov
25
cve-2013-7065
drupal
organic groups
og module
access restrictions
remote attackers
security vulnerability
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
67.8%
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
Affected configurations
Node
organic_groups_projectorganic_groupsMatch7.x-2.0-drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0alpha1drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0alpha2drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0alpha3drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0beta1drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0beta2drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0beta3drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0beta4drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0rc1drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0rc2drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0rc3drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.0rc4drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.1drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.2drupal
ORorganic_groups_projectorganic_groupsMatch7.x-2.xdevdrupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:* |
| organic_groups_project | organic_groups | 7.x-2.0 | cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:* |
Related
prion
prion
Design/Logic Flaw
2014-04-29 14:38:00
nvd
nvd
CVE-2013-7065
2014-04-29 14:38:43
cvelist
cvelist
CVE-2013-7065
2014-04-29 14:00:00
ubuntucve
ubuntucve
CVE-2013-7065
2014-04-29 00:00:00
drupal
drupal
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
2013-11-20 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
67.8%
Related for CVE-2013-7065