CVE-2012-2721

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

Published: Jun 27, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2721
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
moshe_weitzman / organic_groups	6.x-2.0-rc2	6.x-2.0-rc2.x
moshe_weitzman / organic_groups	6.x-2.0-rc1	6.x-2.0-rc1.x
moshe_weitzman / organic_groups	6.x-2.0-rc3	6.x-2.0-rc3.x
moshe_weitzman / organic_groups	6.x-2.0	6.x-2.0.x
moshe_weitzman / organic_groups	6.x-2.1	6.x-2.1.x
moshe_weitzman / organic_groups	6.x-2.2	6.x-2.2.x
moshe_weitzman / organic_groups	6.x-2.3	6.x-2.3.x
moshe_weitzman / organic_groups	6.x-2.x-dev	6.x-2.x-dev.x

http://drupal.org/node/1619736
http://drupal.org/node/1619810
http://drupalcode.org/project/og.git/commitdiff/1485708
http://secunia.com/advisories/49397
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82728
http://www.securityfocus.com/bid/53838
https://exchange.xforce.ibmcloud.com/vulnerabilities/76150

Vulnerability Database

291,049

CVE-2012-2721