CVE-2012-2721

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
moshe_weitzmanorganic_groups
6.x-2.0:x
moshe_weitzmanorganic_groups
6.x-2.0:x
moshe_weitzmanorganic_groups
6.x-2.0:x
moshe_weitzmanorganic_groups
6.x-2.0:x
moshe_weitzmanorganic_groups
6.x-2.1:x
moshe_weitzmanorganic_groups
6.x-2.2:x
moshe_weitzmanorganic_groups
6.x-2.3:x
moshe_weitzmanorganic_groups
6.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1619736
http://drupal.org/node/1619810
http://drupalcode.org/project/og.git/commitdiff/1485708
http://secunia.com/advisories/49397
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82728
http://www.securityfocus.com/bid/53838
https://exchange.xforce.ibmcloud.com/vulnerabilities/76150
http://drupal.org/node/1619736
http://drupal.org/node/1619810
http://drupalcode.org/project/og.git/commitdiff/1485708
http://secunia.com/advisories/49397
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82728
http://www.securityfocus.com/bid/53838
https://exchange.xforce.ibmcloud.com/vulnerabilities/76150