Cross site request forgery (csrf)

2018-02-0117:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.

CPENameOperatorVersion
open_atriumeq>= 7.x2.0 AND < 7.x2.26
open_atriumeq7.x-2.0 alpha2
open_atriumeq7.x-2.0 alpha1
open_atriumeq7.x-2.0 alpha3
open_atriumeq7.x-2.0 alpha4
open_atriumeq7.x-2.0 alpha5
open_atriumeq7.x-2.0 beta1
open_atriumeq7.x-2.0 beta2
open_atriumeq7.x-2.0 beta3
open_atriumeq7.x-2.0 beta4

Name	Operator	Version
open_atrium	eq	>= 7.x2.0 AND < 7.x2.26
open_atrium	eq	7.x-2.0 alpha2
open_atrium	eq	7.x-2.0 alpha1
open_atrium	eq	7.x-2.0 alpha3
open_atrium	eq	7.x-2.0 alpha4
open_atrium	eq	7.x-2.0 alpha5
open_atrium	eq	7.x-2.0 beta1
open_atrium	eq	7.x-2.0 beta2
open_atrium	eq	7.x-2.0 beta3
open_atrium	eq	7.x-2.0 beta4