CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module enables you to import content from a web page by scraping its Open Graph data.
The module doesn’t sufficiently check for “create” permission to the content type that is configured as the destination for imported content, thus allowing a user with the “import og_tag_importer” permission to create content regardless of other permissions.
Drupal core is not affected. If you do not use the contributed Open Graph Importer module,
there is nothing you need to do.
Disable the module. There is no safe version of the module to use.
Also see the Open Graph Importer project page.
Not applicable.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/og_tag_importer
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/xcf33
www.drupal.org/user/108450
www.drupal.org/user/329570
www.drupal.org/user/404732
www.drupal.org/writing-secure-code