CVE-2013-4498

Опубликовано: 17 мая 2014

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

Ссылки

http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2118717
Patch
Vendor Advisory
https://drupal.org/node/2118745
Patch
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2118717
Patch
Vendor Advisory
https://drupal.org/node/2118745
Patch

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.4:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.5:*:*:*:*:*:*:*

cpe:2.3:a:florian_weber:spaces:6.x-3.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

2.1 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-r44v-cp4f-j8gv

github

около 3 лет назад