CVE-2009-3921

The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
OR cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.2:*:*:*:*:*:*:*

Information

Published : 2009-11-09 09:30

Updated : 2009-11-09 21:00


NVD link : CVE-2009-3921

Mitre link : CVE-2009-3921


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

drupal

  • drupal

ezra_barnett_gildesgame

  • smartqueue_og