Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2009-071
- Project: OG Vocabulary (third party module)
- Version: 6.x
- Date: 2009-October-14
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Access bypass
The Organic Groups Vocabulary module enables an organic group to have a group specific vocabulary. A vulnerability in this module allows any group member, even if they are not a group admin, to view, edit, and create vocabularies and terms for all groups.
- Organic Groups Vocabulary module versions 6.x prior to 6.x-1.0
Drupal core is not affected. If you do not use the contributed Organic Groups Vocabulary module, there is nothing you need to do.
Install the latest version.
- Organic Groups Vocabulary module for Drupal 6.x upgrade to Organic Groups Vocabulary module 6.x-1.0
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.