CVE-2014-8736

Open Atrium Core <7.x-2.22 - Auth Bypass

Title source: llm
STIX 2.1

Description

The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2357295
Patch x_refsource_confirm
https://www.drupal.org/node/2357279

Scores

EPSS 0.0121
EPSS Percentile 64.7%

Details

CWE
CWE-200
Status published
Products (1)
open_atrium_project/open_atrium < 7.x-2.21
Published Nov 12, 2014
Tracked Since Feb 18, 2026