CVE-2012-2721 Information

Description

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \access content\ permission removed which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

Reference

http://drupal.org/node/1619736 http://drupal.org/node/1619810 http://drupalcode.org/project/og.git/commitdiff/1485708 http://secunia.com/advisories/49397 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82728 http://www.securityfocus.com/bid/53838 https://exchange.xforce.ibmcloud.com/vulnerabilities/76150