The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with access content permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Open_atrium | Open_atrium_project | 7.x-2.0 | * |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |
Open_atrium | Open_atrium_project | 7.x-2.0 | 7.x-2.0 |