CVE-2013-7067
Publication date 19 December 2013
Last updated 24 July 2024
Ubuntu priority
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
Status
Package | Ubuntu Release | Status |
---|---|---|
drupal6 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
drupal7 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
Notes
leosilva
Drupal core is not affected. If you do not use the contributed OG Features module, there is nothing you need to do. If you use the OG Features module for Drupal 6.x, upgrade to OG Features 6.x-1.4