CVE-2013-7067

2013-12-1904:24:57

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-7067

og features module

drupal

access restrictions

bypass

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.

Affected configurations

NVD

Node

mike_stefanelloog_featuresMatch6.x-1.0

mike_stefanelloog_featuresMatch6.x-1.0beta1

mike_stefanelloog_featuresMatch6.x-1.0beta2

mike_stefanelloog_featuresMatch6.x-1.0beta3

mike_stefanelloog_featuresMatch6.x-1.0beta4

mike_stefanelloog_featuresMatch6.x-1.1

mike_stefanelloog_featuresMatch6.x-1.2

mike_stefanelloog_featuresMatch6.x-1.3

mike_stefanelloog_featuresMatch6.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
mike_stefanello:og_featuresmike stefanello og featureseq6.x-1.0
mike_stefanello:og_featuresmike stefanello og featureseq6.x-1.1
mike_stefanello:og_featuresmike stefanello og featureseq6.x-1.2
mike_stefanello:og_featuresmike stefanello og featureseq6.x-1.3
mike_stefanello:og_featuresmike stefanello og featureseq6.x-1.x

CPE	Name	Operator	Version
mike_stefanello:og_features	mike stefanello og features	eq	6.x-1.0
mike_stefanello:og_features	mike stefanello og features	eq	6.x-1.1
mike_stefanello:og_features	mike stefanello og features	eq	6.x-1.2
mike_stefanello:og_features	mike stefanello og features	eq	6.x-1.3
mike_stefanello:og_features	mike stefanello og features	eq	6.x-1.x