The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-18T18:13:23
Updated: 2024-08-06T16:38:01.683Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4228
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-18T19:15:11.910
Modified: 2020-02-26T19:43:23.633
Link: CVE-2013-4228
Redhat
No data.