CVE-2013-4498 - OpenCVE

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Florian Weber	Spaces

Configuration 1 [-]

AND

OR	cpe:2.3:a:florian_weber:spaces:6.x-3.0:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.1:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.2:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.3:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.4:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.5:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.6:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/oss-sec/2013/q4/210
https://drupal.org/node/2118717
https://drupal.org/node/2118745

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-17T20:00:00

Updated: 2024-08-06T16:45:15.110Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4498

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-17T20:55:02.257

Modified: 2014-05-19T16:45:27.577

Link: CVE-2013-4498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-17T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2118717"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2118745"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2118717", "refsource": "MISC", "url": "https://drupal.org/node/2118717"}, {"name": "https://drupal.org/node/2118745", "refsource": "CONFIRM", "url": "https://drupal.org/node/2118745"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/210"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:15.110Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2118717"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2118745"}, {"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/210"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4498", "datePublished": "2014-05-17T20:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.110Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1CC67A4-5738-4B8F-BE5C-88CA25421429", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "5D25D0B7-B244-4B26-A12C-9EDD7819A2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C47605FB-4CC3-4EB9-920B-26262B7A6A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "459CB0BD-CAD0-4A0B-AD85-E95BF8A435F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "4BA90A0E-B5A0-4601-B0A3-0CE799E3F36F", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6C425F11-21B1-4711-9DFD-D01E0552A85E", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "E6950379-D3E8-4EA7-85C8-9B8AFC866179", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1E54DCB9-B15B-47C9-A615-E21732129089", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F7B82BE1-7EBC-4FFB-A458-E8873D34A48E", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*", "matchCriteriaId": "4152DF10-495C-4C41-8E3F-911556AE7533", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*", "matchCriteriaId": "93285C66-DEE3-4DC7-A3EF-21DE03715C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F131660-BB9E-429D-9862-1302ACEB5E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A86D65-402B-4D80-B774-294BC38572DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C87A533E-C7E7-4A32-8A66-D568183006B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.4:*:*:*:*:*:*:*", "matchCriteriaId": "34CCA764-00D8-4EED-95A2-AC7777149FFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B455425A-09F6-48F9-9399-1D3196EEFB95", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.6:*:*:*:*:*:*:*", "matchCriteriaId": "98FEE3FC-626B-4473-B9B3-CCA220D8CC5F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be \"orphaned\" and allows remote authenticated users with the \"access content\" permission to obtain sensitive information via vectors involving a rebuild access for the site or content."}, {"lang": "es", "value": "El subm\u00f3dulo Spaces OG en el m\u00f3dulo Spaces 6.x-3.x anterior a 6.x-3.7 para Drupal no elimina debidamente contenido de espacios grupo grupo org\u00e1nico cuando utiliza la opci\u00f3n para trasladar a un grupo nuevo, lo que causa que el contenido quede 'huerfano' y permite a usuarios remotos autenticados con el permiso 'acceder a contenido' obtener informaci\u00f3n sensible a trav\u00e9s de vectores involucrando un acceso de reconstrucci\u00f3n para el sitio o contenido."}], "id": "CVE-2013-4498", "lastModified": "2014-05-19T16:45:27.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-17T20:55:02.257", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/210"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/2118717"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://drupal.org/node/2118745"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}