1. CVE-Search
  2. CVE-2013-4228
ID CVE-2013-4228
Summary The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:-:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha1:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha2:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:alpha3:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta1:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta2:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta3:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:beta4:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc1:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc2:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc3:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.0:rc4:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.1:*:*:*:*:drupal:*:*
  • cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*
    cpe:2.3:a:organic_groups_project:organic_groups:7.x-2.2:*:*:*:*:drupal:*:*
CVSS
Base: 4.0 (as of 26-02-2020 - 19:43)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
misc
Last major update 26-02-2020 - 19:43
Published 18-02-2020 - 19:15
Last modified 26-02-2020 - 19:43
Back to Top