N/A

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.

N/A

N/A

Drupal Organic Groups模块权限许可和访问控制问题漏洞

Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。Organic Groups是一个可实现群组功能的模块。 Drupal Organic Groups模块7.x-2.3之前的7.x-2.x版本中存在安全漏洞。未授权的攻击者可利用该漏洞绕过特定的安全限制，获得访问权限，有助于发起进一步攻击。

N/A

N/A