Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By greggles on
- Advisory ID: DRUPAL-SA-CONTRIB-2009-071
- Project: OG Vocabulary (third party module)
- Version: 6.x
- Date: 2009-October-14
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Description
The Organic Groups Vocabulary module enables an organic group to have a group specific vocabulary. A vulnerability in this module allows any group member, even if they are not a group admin, to view, edit, and create vocabularies and terms for all groups.
Versions affected
- Organic Groups Vocabulary module versions 6.x prior to 6.x-1.0
Drupal core is not affected. If you do not use the contributed Organic Groups Vocabulary module, there is nothing you need to do.
Solution
Install the latest version.
- Organic Groups Vocabulary module for Drupal 6.x upgrade to Organic Groups Vocabulary module 6.x-1.0
Reported by
Fixed by
mrag_28 and Amitaibu, the module maintainer.
Contact
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.