CVE-2012-2721

critical

Description

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/76150

http://www.securityfocus.com/bid/53838

http://www.osvdb.org/82728

http://www.openwall.com/lists/oss-security/2012/06/14/3

http://secunia.com/advisories/49397

http://drupal.org/node/1619810

http://drupal.org/node/1619736

Details

Source: Mitre, NVD

Published: 2012-06-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00279