CVE-2009-3921

Published Nov 9, 2009

Last updated 15 years ago

Overview

Description: The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BC40212-935B-4742-B5F4-0128D4D5691D"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBC957C-6687-4D78-A3FB-98F3D3DC4CE2"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C40725-FEF7-4E96-A6B7-FB496070AD63"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF93D1D4-2E97-4773-849F-1F0D89BA83E9"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF19A274-1AE2-44B9-839B-3EF84DB235F2"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F30C62A-DC66-4498-8572-9608D5C137B5"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FD0B6B4-7B13-4E7B-B371-13004653FFF1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References