CVE-2013-4498
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
17/05/2014
Last modified:
19/05/2014
Description
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:florian_weber:spaces:6.x-3.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page