CVE-2013-4498

Name of the Vulnerable Software and Affected Versions Drupal Spaces module versions 6.x-3.x before 6.x-3.7

Description The issue affects the Spaces OG submodule in the Spaces module for Drupal. It does not properly delete organic group group spaces content when the option to move to a new group is used, resulting in "orphaned" content. This allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

Recommendations For versions 6.x-3.x before 6.x-3.7, update to version 6.x-3.7 or later to resolve the issue.