CVE-2009-3921

EUVD-2009-3892
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
ezra_barnett_gildesgamesmartqueue_og
5.x-1.0:x
ezra_barnett_gildesgamesmartqueue_og
5.x-1.1:x
ezra_barnett_gildesgamesmartqueue_og
5.x-1.2:x
ezra_barnett_gildesgamesmartqueue_og
5.x-1.x-dev:x
ezra_barnett_gildesgamesmartqueue_og
6.x-1.0:x
ezra_barnett_gildesgamesmartqueue_og
6.x-1.0:x
ezra_barnett_gildesgamesmartqueue_og
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/617496
http://drupal.org/node/617500
http://drupal.org/node/623554
http://osvdb.org/59675
http://secunia.com/advisories/37288
http://www.securityfocus.com/bid/36925
http://drupal.org/node/617496
http://drupal.org/node/617500
http://drupal.org/node/623554
http://osvdb.org/59675
http://secunia.com/advisories/37288
http://www.securityfocus.com/bid/36925