Lucene search
Ubuntu.comUB:CVE-2013-7067HistoryDec 19, 2013 - 12:00 a.m.
CVE-2013-7067
2013-12-1900:00:00
ubuntu.com
ubuntu.com
6
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly
override pages that have an access callback set to false, which allows
remote attackers to bypass intended access restrictions via a request.
Notes
| Author | Note |
|---|---|
| leosilva | Drupal core is not affected. If you do not use the contributed OG Features module, there is nothing you need to do. If you use the OG Features module for Drupal 6.x, upgrade to OG Features 6.x-1.4 |
Related
nvd
nvd
CVE-2013-7067
2013-12-19 04:24:57
prion
prion
Cross site request forgery (csrf)
2013-12-19 04:24:00
cvelist
cvelist
CVE-2013-7067
2013-12-19 02:00:00
drupal
drupal
SA-CONTRIB-2013-097 - OG Features - Access bypass
2013-12-04 00:00:00
cve
cve
CVE-2013-7067
2013-12-19 04:24:57
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
Related for UB:CVE-2013-7067