CVE-2013-7067
Published: 19 December 2013
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
Notes
| Author | Note |
|---|---|
| leosilva | Drupal core is not affected. If you do not use the contributed OG Features module, there is nothing you need to do. If you use the OG Features module for Drupal 6.x, upgrade to OG Features 6.x-1.4 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
drupal6 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
drupal7 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(code not present)
|
| lucid |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Not vulnerable
(code not present)
|