2 matches found
CVE-2013-7068
The issue CVE-2013-7068 affects the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote authenticated users to bypass group restrictions on nodes when all groups are configured as optional via an empty group field, enabling...
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
Two issues exist within entity references and permissions relating to OG, allowing users potential access bypass. Posting content into groups where a user is not a member Organic Groups does not sufficiently check the group audience fields e.g. oggroupref field from being populated with invalid...