CVE-2009-3921 Information

Description

The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3 a module for Drupal does not verify group-node privileges in certain circumstances involving subqueue creation which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages.

Reference

http://drupal.org/node/617496 http://drupal.org/node/617500 http://drupal.org/node/623554 http://osvdb.org/59675 http://secunia.com/advisories/37288 http://www.securityfocus.com/bid/36925