Vulnerability Database

291,048

Total vulnerabilities in the database

CVE-2013-4228

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

  • Published: Feb 18, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4228
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
organic_groups_project / organic_groups 7.x-2.0-beta1 7.x-2.0-beta1.x
organic_groups_project / organic_groups 7.x-2.0-rc1 7.x-2.0-rc1.x
organic_groups_project / organic_groups 7.x-2.0-rc2 7.x-2.0-rc2.x
organic_groups_project / organic_groups 7.x-2.2 7.x-2.2.x
organic_groups_project / organic_groups 7.x-2.0-alpha2 7.x-2.0-alpha2.x
organic_groups_project / organic_groups 7.x-2.0-rc4 7.x-2.0-rc4.x
organic_groups_project / organic_groups 7.x-2.0-alpha3 7.x-2.0-alpha3.x
organic_groups_project / organic_groups 7.x-2.0-beta2 7.x-2.0-beta2.x
organic_groups_project / organic_groups 7.x-2.0-beta4 7.x-2.0-beta4.x
organic_groups_project / organic_groups 7.x-2.0-beta3 7.x-2.0-beta3.x
organic_groups_project / organic_groups 7.x-2.1 7.x-2.1.x
organic_groups_project / organic_groups 7.x-2.0 7.x-2.0.x
organic_groups_project / organic_groups 7.x-2.0-rc3 7.x-2.0-rc3.x
organic_groups_project / organic_groups 7.x-2.0-alpha1 7.x-2.0-alpha1.x