5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly
override pages that have an access callback set to false, which allows
remote attackers to bypass intended access restrictions via a request.
Author | Note |
---|---|
leosilva | Drupal core is not affected. If you do not use the contributed OG Features module, there is nothing you need to do. If you use the OG Features module for Drupal 6.x, upgrade to OG Features 6.x-1.4 |