Design/Logic Flaw

2014-05-1720:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.6%

JSON

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be “orphaned” and allows remote authenticated users with the “access content” permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

CPENameOperatorVersion
spaceseq6.120.30
spaceseq6.x-3.0 beta3
spaceseq6.x-3.0 beta4
spaceseq6.x-3.0 r1
spaceseq6.x-3.0 beta5
spaceseq6.x-3.0 beta2
spaceseq6.x-3.0 alpha2
spaceseq6.x-3.0 beta1
spaceseq6.x-3.0 beta6
spaceseq6.x-3.0 r2

Name	Operator	Version
spaces	eq	6.120.30
spaces	eq	6.x-3.0 beta3
spaces	eq	6.x-3.0 beta4
spaces	eq	6.x-3.0 r1
spaces	eq	6.x-3.0 beta5
spaces	eq	6.x-3.0 beta2
spaces	eq	6.x-3.0 alpha2
spaces	eq	6.x-3.0 beta1
spaces	eq	6.x-3.0 beta6
spaces	eq	6.x-3.0 r2