Vulnerability Details : CVE-2012-2721
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
Products affected by CVE-2012-2721
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2721
- EPSS score: 3.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-2721
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-2721
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2721
- http://www.openwall.com/lists/oss-security/2012/06/14/3
  oss-security - Re: CVE Request for Drupal contributed modules
- http://www.securityfocus.com/bid/53838
  Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76150
  Organic Groups module for Drupal core permission security bypass CVE-2012-2721 Vulnerability Report
- http://drupal.org/node/1619810
  SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass | Drupal.org (Patch; Vendor Advisory)
- http://drupalcode.org/project/og.git/commitdiff/1485708
  (Exploit; Patch)
- http://drupal.org/node/1619736
  (Patch)