Open Atrium Project

open_atrium_project

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-9504 1Open Atrium Project 1Open Atrium Nov 21, 2024 Feb 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
CVE-2014-9503 1Open Atrium Project 1Open Atrium Nov 21, 2024 Feb 1, 2018 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks o...Show more The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.Show less
CVE-2014-9502 1Open Atrium Project 1Open Atrium Nov 21, 2024 Feb 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims vi...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.Show less
CVE-2014-8736 1Open Atrium Project 1Open Atrium May 6, 2026 Nov 12, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.