* Advisory ID: DRUPAL-SA-CONTRIB-2009-071
* Project: OG Vocabulary (third party module)
* Version: 6.x
* Date: 2009-October-14
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Access bypass

.... Description
The Organic Groups Vocabulary module enables an organic group to have a group specific vocabulary. A vulnerability in this module allows any group member, even if they are not a group admin, to view, edit, and create vocabularies and terms for all groups.

.... Versions affected
* Organic Groups Vocabulary module versions 6.x prior to 6.x-1.0
Drupal core is not affected. If you do not use the contributed Organic Groups Vocabulary module, there is nothing you need to do.

.... Solution
Install the latest version.
* Organic Groups Vocabulary module for Drupal 6.x upgrade to Organic Groups Vocabulary module 6.x-1.0 [1]

.... Reported by
FGM [2] and Ki [3]

.... Fixed by
mrag_28 [4] and Amitaibu [5], the module maintainer.

-------- CONTACT -------------------------------------------------------------
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.

[1] http://drupal.org/node/604354
[2] http://drupal.org/user/27985
[3] http://drupal.org/user/292047
[4] http://drupal.org/user/206162
[5] http://drupal.org/user/57511