5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
67.8%
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows
remote attackers to bypass access restrictions and post to arbitrary groups
via a group audience field, as demonstrated by the og_group_ref field.
Author | Note |
---|---|
leosilva | “Drupal core is not affected. If you do not use the contributed Organic groups module, there is nothing you need to do.” “if you use the Organic Groups module for Drupal 7.x, upgrade to og 7.x-2.4” |