The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.Referenceshttp://www.openwall.com/lists/oss-security/2015/01/04/6https://exchange.xforce.ibmcloud.com/vulnerabilities/99657https://www.drupal.org/node/2394979https://www.drupal.org/node/2395045
