Open Atrium Project: >> Open Atrium >> 7.x-2.24 Security Vulnerabilities
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-01
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-02-01
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-02-01