6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.967 High
EPSS
Percentile
99.7%
This distribution enables you to create an intranet.
Several of the sub modules included do not prevent CSRF on several menu callbacks.
Open Atrium Discussion also does not exit correctly after checking access on a several ajax callbacks, allowing anyone with “access content” to update and delete nodes.
Also, (alpha) module OG Subgroups contained a vulnerability that allowed access to child groups even if membership inheritance was disabled.
The vulnerabilities are mitigated by needing the sub modules enabled – Open Atrium Sitemap, Open Atrium Discussion, and Open Atrium Admin Role and OA Teams, modules bundled with of Open Atrium Core.
Drupal core is not affected. If you do not use the contributed Open Atrium module,
there is nothing you need to do.
Install the latest version:
Also see the Open Atrium project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/oa_core
www.drupal.org/project/oa_discussion
www.drupal.org/project/oa_sitemap
www.drupal.org/project/openatrium
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/2301194
www.drupal.org/user/426416
www.drupal.org/writing-secure-code
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.967 High
EPSS
Percentile
99.7%