Lucene search

[email protected]CVE-2013-4498

HistoryMay 17, 2014 - 8:55 p.m.

CVE-2013-4498

2014-05-1720:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4498

drupal

spaces module

access control

information disclosure

vulnerability

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.6%

JSON

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be “orphaned” and allows remote authenticated users with the “access content” permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

Affected configurations

NVD

Node

florian_weberspacesMatch6.x-3.0

florian_weberspacesMatch6.x-3.0alpha1

florian_weberspacesMatch6.x-3.0alpha2

florian_weberspacesMatch6.x-3.0beta1

florian_weberspacesMatch6.x-3.0beta2

florian_weberspacesMatch6.x-3.0beta3

florian_weberspacesMatch6.x-3.0beta4

florian_weberspacesMatch6.x-3.0beta5

florian_weberspacesMatch6.x-3.0beta6

florian_weberspacesMatch6.x-3.0r1

florian_weberspacesMatch6.x-3.0r2

florian_weberspacesMatch6.x-3.1

florian_weberspacesMatch6.x-3.2

florian_weberspacesMatch6.x-3.3

florian_weberspacesMatch6.x-3.4

florian_weberspacesMatch6.x-3.5

florian_weberspacesMatch6.x-3.6

AND

drupaldrupalMatch-

CPENameOperatorVersion
florian_weber:spacesflorian weber spaceseq6.x-3.0
florian_weber:spacesflorian weber spaceseq6.x-3.1
florian_weber:spacesflorian weber spaceseq6.x-3.2
florian_weber:spacesflorian weber spaceseq6.x-3.3
florian_weber:spacesflorian weber spaceseq6.x-3.4
florian_weber:spacesflorian weber spaceseq6.x-3.5
florian_weber:spacesflorian weber spaceseq6.x-3.6

CPE	Name	Operator	Version
florian_weber:spaces	florian weber spaces	eq	6.x-3.0
florian_weber:spaces	florian weber spaces	eq	6.x-3.1
florian_weber:spaces	florian weber spaces	eq	6.x-3.2
florian_weber:spaces	florian weber spaces	eq	6.x-3.3
florian_weber:spaces	florian weber spaces	eq	6.x-3.4
florian_weber:spaces	florian weber spaces	eq	6.x-3.5
florian_weber:spaces	florian weber spaces	eq	6.x-3.6

References

seclists.org/oss-sec/2013/q4/210

drupal.org/node/2118717

drupal.org/node/2118745

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.6%

JSON

Related for CVE-2013-4498

drupal1 prion1 cvelist1 nvd1