Candidate: CVE-2013-7065
PublicDate: 2014-04-29 14:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7065
 http://www.openwall.com/lists/oss-security/2013/12/11
Description:
 The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
Ubuntu-Description:
Notes:
 leosilva> "Drupal core is not affected. If you do not use the contributed Organic groups module, there is nothing you need to do."
 leosilva> "if you use the Organic Groups module for Drupal 7.x, upgrade to og 7.x-2.4"
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_drupal6:
upstream_drupal6: needs-triage
lucid_drupal6: ignored (reached end-of-life)
precise_drupal6: ignored (reached end-of-life)
precise/esm_drupal6: DNE (precise was needs-triage)
quantal_drupal6: ignored (reached end-of-life)
raring_drupal6: ignored (reached end-of-life)
saucy_drupal6: DNE
trusty_drupal6: DNE
trusty/esm_drupal6: DNE
utopic_drupal6: DNE
vivid_drupal6: DNE
vivid/stable-phone-overlay_drupal6: DNE
vivid/ubuntu-core_drupal6: DNE
wily_drupal6: DNE
xenial_drupal6: DNE
yakkety_drupal6: DNE
zesty_drupal6: DNE
artful_drupal6: DNE
devel_drupal6: DNE

Patches_drupal7:
upstream_drupal7: needs-triage
lucid_drupal7: DNE
precise_drupal7: ignored (reached end-of-life)
precise/esm_drupal7: DNE (precise was needs-triage)
quantal_drupal7: ignored (reached end-of-life)
raring_drupal7: ignored (reached end-of-life)
saucy_drupal7: ignored (reached end-of-life)
trusty_drupal7: not-affected (code not present)
trusty/esm_drupal7: DNE (trusty was not-affected [code not present])
utopic_drupal7: ignored (reached end-of-life)
vivid_drupal7: ignored (reached end-of-life)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: ignored (reached end-of-life)
xenial_drupal7: not-affected (code not present)
yakkety_drupal7: ignored (reached end-of-life)
zesty_drupal7: not-affected (code not present)
artful_drupal7: not-affected (code not present)
devel_drupal7: not-affected (code not present)