Drupal Commons Groups Privilege Escalation and Access Bypass Vulnerabilities

Bugtraq ID:	58759
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 27 2013 12:00AM
Updated:	Mar 27 2013 12:00AM
Credit:	Joseph Pontani, Jakob Perry, and Ezra Gildesgame
Vulnerable:
Not Vulnerable:

Drupal Commons Groups Privilege Escalation and Access Bypass Vulnerabilities

The Commons Groups module for Drupal is prone to a privilege escalation vulnerability and an access-bypass vulnerability.

Exploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible.

Versions prior to Commons Groups 7.x-3.1 are vulnerable.

Drupal Commons Groups Privilege Escalation and Access Bypass Vulnerabilities

Attackers may launch attacks through a browser.

Drupal Commons Groups Privilege Escalation and Access Bypass Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Drupal Commons Groups Privilege Escalation and Access Bypass Vulnerabilities

References: