Vulnerabilities > Organic Groups Project

DATE CVE VULNERABILITY TITLE RISK
2020-02-18 CVE-2013-4228 Incorrect Authorization vulnerability in Organic Groups Project Organic Groups 7.X2.0/7.X2.1/7.X2.2
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
network
low complexity
organic-groups-project CWE-863
4.3