Vulnerabilites related to florian_weber - spaces
Vulnerability from fkie_nvd
Published
2012-07-18 18:55
Modified
2024-11-21 01:38
Severity ?
Summary
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.1 | |
florian_weber | spaces | 6.x-3.2 | |
florian_weber | spaces | 6.x-3.3 | |
drupal | drupal | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*", matchCriteriaId: "B1CC67A4-5738-4B8F-BE5C-88CA25421429", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "5D25D0B7-B244-4B26-A12C-9EDD7819A2DA", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "C47605FB-4CC3-4EB9-920B-26262B7A6A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*", matchCriteriaId: "459CB0BD-CAD0-4A0B-AD85-E95BF8A435F6", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*", matchCriteriaId: "4BA90A0E-B5A0-4601-B0A3-0CE799E3F36F", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*", matchCriteriaId: "6C425F11-21B1-4711-9DFD-D01E0552A85E", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*", matchCriteriaId: "E6950379-D3E8-4EA7-85C8-9B8AFC866179", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1E54DCB9-B15B-47C9-A615-E21732129089", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*", matchCriteriaId: "F7B82BE1-7EBC-4FFB-A458-E8873D34A48E", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*", matchCriteriaId: "4152DF10-495C-4C41-8E3F-911556AE7533", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*", matchCriteriaId: "93285C66-DEE3-4DC7-A3EF-21DE03715C82", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*", matchCriteriaId: "8F131660-BB9E-429D-9862-1302ACEB5E70", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*", matchCriteriaId: "E8A86D65-402B-4D80-B774-294BC38572DE", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*", matchCriteriaId: "C87A533E-C7E7-4A32-8A66-D568183006B4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B1170D-AD33-4C7A-892D-63AC71B032CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.", }, { lang: "es", value: "El módulo Spaces v6.x-3.x antes de v6.x-3.4 para Drupal no cumple los permisos de páginas no-objeto, lo que permite a atacantes remotos obtener información sensible y posiblemente tener otros impactos a través de vectores no especificados sobre (1) Spaces o (2) el módulo Spaces OG.", }, ], id: "CVE-2012-2303", lastModified: "2024-11-21T01:38:50.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-18T18:55:03.103", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://drupal.org/node/1547730", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://drupal.org/node/1547736", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48930", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/03/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/03/2", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/81556", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://drupal.org/node/1547730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://drupal.org/node/1547736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/48930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/81556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53252", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-17 20:55
Modified
2024-11-21 01:55
Severity ?
Summary
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.0 | |
florian_weber | spaces | 6.x-3.1 | |
florian_weber | spaces | 6.x-3.2 | |
florian_weber | spaces | 6.x-3.3 | |
florian_weber | spaces | 6.x-3.4 | |
florian_weber | spaces | 6.x-3.5 | |
florian_weber | spaces | 6.x-3.6 | |
drupal | drupal | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*", matchCriteriaId: "B1CC67A4-5738-4B8F-BE5C-88CA25421429", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "5D25D0B7-B244-4B26-A12C-9EDD7819A2DA", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "C47605FB-4CC3-4EB9-920B-26262B7A6A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*", matchCriteriaId: "459CB0BD-CAD0-4A0B-AD85-E95BF8A435F6", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*", matchCriteriaId: "4BA90A0E-B5A0-4601-B0A3-0CE799E3F36F", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*", matchCriteriaId: "6C425F11-21B1-4711-9DFD-D01E0552A85E", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*", matchCriteriaId: "E6950379-D3E8-4EA7-85C8-9B8AFC866179", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1E54DCB9-B15B-47C9-A615-E21732129089", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*", matchCriteriaId: "F7B82BE1-7EBC-4FFB-A458-E8873D34A48E", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*", matchCriteriaId: "4152DF10-495C-4C41-8E3F-911556AE7533", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*", matchCriteriaId: "93285C66-DEE3-4DC7-A3EF-21DE03715C82", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*", matchCriteriaId: "8F131660-BB9E-429D-9862-1302ACEB5E70", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*", matchCriteriaId: "E8A86D65-402B-4D80-B774-294BC38572DE", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*", matchCriteriaId: "C87A533E-C7E7-4A32-8A66-D568183006B4", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.4:*:*:*:*:*:*:*", matchCriteriaId: "34CCA764-00D8-4EED-95A2-AC7777149FFF", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.5:*:*:*:*:*:*:*", matchCriteriaId: "B455425A-09F6-48F9-9399-1D3196EEFB95", vulnerable: true, }, { criteria: "cpe:2.3:a:florian_weber:spaces:6.x-3.6:*:*:*:*:*:*:*", matchCriteriaId: "98FEE3FC-626B-4473-B9B3-CCA220D8CC5F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B1170D-AD33-4C7A-892D-63AC71B032CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.", }, { lang: "es", value: "El submódulo Spaces OG en el módulo Spaces 6.x-3.x anterior a 6.x-3.7 para Drupal no elimina debidamente contenido de espacios grupo grupo orgánico cuando utiliza la opción para trasladar a un grupo nuevo, lo que causa que el contenido quede 'huerfano' y permite a usuarios remotos autenticados con el permiso 'acceder a contenido' obtener información sensible a través de vectores involucrando un acceso de reconstrucción para el sitio o contenido.", }, ], id: "CVE-2013-4498", lastModified: "2024-11-21T01:55:41.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-05-17T20:55:02.257", references: [ { source: "secalert@redhat.com", url: "http://seclists.org/oss-sec/2013/q4/210", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://drupal.org/node/2118717", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://drupal.org/node/2118745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/oss-sec/2013/q4/210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://drupal.org/node/2118717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://drupal.org/node/2118745", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2012-2303
Vulnerability from cvelistv5
Published
2012-07-18 18:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
References
▼ | URL | Tags |
---|---|---|
http://drupal.org/node/1547736 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/05/03/2 | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/81556 | vdb-entry, x_refsource_OSVDB | |
http://drupalcode.org/project/spaces.git/commitdiff/cee919c | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/53252 | vdb-entry, x_refsource_BID | |
http://drupal.org/node/1547730 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/05/03/1 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/48930 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:09.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://drupal.org/node/1547736", }, { name: "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/03/2", }, { name: "81556", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/81556", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", }, { name: "53252", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53252", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://drupal.org/node/1547730", }, { name: "[oss-security] 20120502 CVE Request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/03/1", }, { name: "48930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48930", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-21T00:00:00", descriptions: [ { lang: "en", value: "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-07-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://drupal.org/node/1547736", }, { name: "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/03/2", }, { name: "81556", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/81556", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", }, { name: "53252", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53252", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://drupal.org/node/1547730", }, { name: "[oss-security] 20120502 CVE Request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/03/1", }, { name: "48930", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48930", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2303", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://drupal.org/node/1547736", refsource: "MISC", url: "http://drupal.org/node/1547736", }, { name: "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/03/2", }, { name: "81556", refsource: "OSVDB", url: "http://www.osvdb.org/81556", }, { name: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", refsource: "CONFIRM", url: "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", }, { name: "53252", refsource: "BID", url: "http://www.securityfocus.com/bid/53252", }, { name: "http://drupal.org/node/1547730", refsource: "CONFIRM", url: "http://drupal.org/node/1547730", }, { name: "[oss-security] 20120502 CVE Request for Drupal contributed modules", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/05/03/1", }, { name: "48930", refsource: "SECUNIA", url: "http://secunia.com/advisories/48930", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2303", datePublished: "2012-07-18T18:00:00", dateReserved: "2012-04-19T00:00:00", dateUpdated: "2024-08-06T19:26:09.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4498
Vulnerability from cvelistv5
Published
2014-05-17 20:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
References
▼ | URL | Tags |
---|---|---|
https://drupal.org/node/2118717 | x_refsource_MISC | |
https://drupal.org/node/2118745 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2013/q4/210 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:15.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://drupal.org/node/2118717", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://drupal.org/node/2118745", }, { name: "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2013/q4/210", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-23T00:00:00", descriptions: [ { lang: "en", value: "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-05-17T19:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://drupal.org/node/2118717", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://drupal.org/node/2118745", }, { name: "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2013/q4/210", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4498", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://drupal.org/node/2118717", refsource: "MISC", url: "https://drupal.org/node/2118717", }, { name: "https://drupal.org/node/2118745", refsource: "CONFIRM", url: "https://drupal.org/node/2118745", }, { name: "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", refsource: "MLIST", url: "http://seclists.org/oss-sec/2013/q4/210", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4498", datePublished: "2014-05-17T20:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:15.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }