{ "id": "CVE-2009-3921", "sourceIdentifier": "cve@mitre.org", "published": "2009-11-09T17:30:00.953", "lastModified": "2009-11-10T05:00:00.000", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages." }, { "lang": "es", "value": "El m\u00f3dulo Smartqueue_og v5.x anteriores a v5.x-1.3 y v6.x anteriores a6.x-1.0-rc3, m\u00f3dulo para Drupal, en ciertas circunstancias no verifica los privilegios del nodo de grupo, implicando la creaci\u00f3n de una sub-cola que permite a usuarios remotos autenticados, descubrir nombres de grupo org\u00e1nicos de su elecci\u00f3n leyendo los mensajes de confirmaci\u00f3n." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC40212-935B-4742-B5F4-0128D4D5691D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0FBC957C-6687-4D78-A3FB-98F3D3DC4CE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3C40725-FEF7-4E96-A6B7-FB496070AD63" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "BF93D1D4-2E97-4773-849F-1F0D89BA83E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF19A274-1AE2-44B9-839B-3EF84DB235F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1F30C62A-DC66-4498-8572-9608D5C137B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:smartqueue_og:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "5FD0B6B4-7B13-4E7B-B371-13004653FFF1" } ] } ] } ], "references": [ { "url": "http://drupal.org/node/617496", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://drupal.org/node/617500", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://drupal.org/node/623554", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/36925", "source": "cve@mitre.org", "tags": [ "Patch" ] } ] }