Description
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2357295
Patch x_refsource_confirm
https://www.drupal.org/node/2357279
Scores
EPSS
0.0121
EPSS Percentile
64.7%
Details
CWE
CWE-200
Status
published
Products (1)
open_atrium_project/open_atrium
< 7.x-2.21
Published
Nov 12, 2014
Tracked Since
Feb 18, 2026