本ページは organic_groups_project organic_groups に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-4228 | The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | [email protected] | 4.3 | 1.16% | 2020-02-18 | 2026-06-16 |
| CVE-2013-7068 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | [email protected] | 4.9 | 0.99% | 2014-04-29 | 2026-06-16 |
| CVE-2013-7065 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | [email protected] | 5.8 | 1.22% | 2014-04-29 | 2026-06-16 |
| CVE-2012-5539 | The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | [email protected] | 3.5 | 0.95% | 2012-12-03 | 2026-06-16 |
| CVE-2008-3094 | The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | [email protected] | 4.3 | 2.04% | 2008-07-09 | 2026-06-16 |