4 matches found
CVE-2014-8736
The Open Atrium Core module for Drupal (OA Core) in the 7.x-2.x line is affected by CVE-2014-8736, prior to 7.x-2.22. The vulnerability lets remote attackers bypass access controls and read file attachments that were removed from a node by leveraging a previous revision of that node. The risk is ...
CVE-2014-9502
CVE-2014-9502 covers multiple CSRF vulnerabilities in the Open Atrium module for Drupal 7.x-2.x (pre-7.x-2.26). Affected: Open Atrium 7.x-2.x before 7.x-2.26; vulnerability exists in unspecified submodules and relates to menu callbacks, allowing remote attackers to hijack other users’ sessions. E...
CVE-2014-9503
CVE-2014-9503 affects the Open Atrium 7.x-2.x Discussions sub module (pre-7.x-2.26). The vulnerability allows remote authenticated users with "access content" permissions to modify arbitrary nodes due to improper access checks on unspecified AJAX callbacks. Impact is limited to Drupal/Open Atrium...
CVE-2014-9504
CVE-2014-9504 affects Drupal Open Atrium’s OG Subgroups module. When used with Open Atrium 7.x-2.x prior to 7.x-2.26, it allows a remote attacker to access child groups via vectors related to membership inheritance. Documents confirm the vulnerable configuration and the affected version range; no...