The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/01/04/6 | Issue Tracking Mailing List |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99657 | Third Party Advisory VDB Entry |
https://www.drupal.org/node/2394979 | Mitigation Vendor Advisory |
https://www.drupal.org/node/2395045 | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2015/01/04/6 | Issue Tracking Mailing List |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99657 | Third Party Advisory VDB Entry |
https://www.drupal.org/node/2394979 | Mitigation Vendor Advisory |
https://www.drupal.org/node/2395045 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2015/01/04/6 - Issue Tracking, Mailing List | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/99657 - Third Party Advisory, VDB Entry | |
References | () https://www.drupal.org/node/2394979 - Mitigation, Vendor Advisory | |
References | () https://www.drupal.org/node/2395045 - Patch, Vendor Advisory |
Information
Published : 2018-02-01 17:29
Updated : 2024-11-21 02:21
NVD link : CVE-2014-9504
Mitre link : CVE-2014-9504
CVE.ORG link : CVE-2014-9504
JSON object : View
Products Affected
open_atrium_project
- open_atrium
CWE
CWE-284
Improper Access Control