4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
50.2%
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows
remote authenticated users to bypass group restrictions on nodes with all
groups set to optional input via an empty group field.
Author | Note |
---|---|
leosilva | Drupal core is not affected. If you do not use the contributed Organic groups module, there is nothing you need to do. If you use the Organic Groups module for Drupal 7.x, upgrade to og 7.x-2.4 |