Skip to main content

Spaces CVE-2013-4498

LOW
Permissions, Privileges, and Access Controls (CWE-264)
2014-05-17 secalert@redhat.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:N/AC:H/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 17, 2014 - 20:55 cve.org
LOW 2.1

DescriptionCVE.org

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

AnalysisAI

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-264. The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. Affected products include: Florian Weber Spaces. Version information: before 6..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2013-4498 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy