The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spaces | Florian_weber | 6.x-3.0 (including) | 6.x-3.0 (including) |
| Spaces | Florian_weber | 6.x-3.0-alpha1 (including) | 6.x-3.0-alpha1 (including) |
| Spaces | Florian_weber | 6.x-3.0-alpha2 (including) | 6.x-3.0-alpha2 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta1 (including) | 6.x-3.0-beta1 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta2 (including) | 6.x-3.0-beta2 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta3 (including) | 6.x-3.0-beta3 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta4 (including) | 6.x-3.0-beta4 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta5 (including) | 6.x-3.0-beta5 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta6 (including) | 6.x-3.0-beta6 (including) |
| Spaces | Florian_weber | 6.x-3.0-r1 (including) | 6.x-3.0-r1 (including) |
| Spaces | Florian_weber | 6.x-3.0-r2 (including) | 6.x-3.0-r2 (including) |
| Spaces | Florian_weber | 6.x-3.1 (including) | 6.x-3.1 (including) |
| Spaces | Florian_weber | 6.x-3.2 (including) | 6.x-3.2 (including) |
| Spaces | Florian_weber | 6.x-3.3 (including) | 6.x-3.3 (including) |