CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2013-4498
https://notcve.org/view.php?id=CVE-2013-4498
17 May 2014 — The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. El submódulo Spaces OG en el módulo Spaces 6.x-3.x anterior a 6.x-3.7 para Drupal no elimina debidamente contenido... • http://seclists.org/oss-sec/2013/q4/210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2012-2303
https://notcve.org/view.php?id=CVE-2012-2303
18 Jul 2012 — The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. El módulo Spaces v6.x-3.x antes de v6.x-3.4 para Drupal no cumple los permisos de páginas no-objeto, lo que permite a atacantes remotos obtener información sensible y posiblemente tener otros impactos a través de vectores no especificados sobre (1) ... • http://drupal.org/node/1547730 • CWE-264: Permissions, Privileges, and Access Controls •