CVE-2013-4498 Information

Description

The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group which causes the content to be \orphaned\ and allows remote authenticated users with the \access content\ permission to obtain sensitive information via vectors involving a rebuild access for the site or content.

Reference

http://seclists.org/oss-sec/2013/q4/210 https://drupal.org/node/2118717 https://drupal.org/node/2118745