Описание
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.x-dev:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00386
Низкий
4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
EPSS
Процентиль: 59%
0.00386
Низкий
4 Medium
CVSS2
Дефекты
CWE-264