The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with access content permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Open_atrium | Open_atrium_project | 7.x-2.0 (including) | 7.x-2.26 (excluding) |
| Open_atrium | Open_atrium_project | 7.x-2.0-alpha1 (including) | 7.x-2.0-alpha1 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-alpha2 (including) | 7.x-2.0-alpha2 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-alpha3 (including) | 7.x-2.0-alpha3 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-alpha4 (including) | 7.x-2.0-alpha4 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-alpha5 (including) | 7.x-2.0-alpha5 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-beta1 (including) | 7.x-2.0-beta1 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-beta2 (including) | 7.x-2.0-beta2 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-beta3 (including) | 7.x-2.0-beta3 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-beta4 (including) | 7.x-2.0-beta4 (including) |
| Open_atrium | Open_atrium_project | 7.x-2.0-rc1 (including) | 7.x-2.0-rc1 (including) |
References
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045
- http://www.openwall.com/lists/oss-security/2015/01/04/6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99656
- https://www.drupal.org/node/2394979
- https://www.drupal.org/node/2395045