The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be orphaned and allows remote authenticated users with the access content permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spaces | Florian_weber | 6.x-3.0 (including) | 6.x-3.0 (including) |
| Spaces | Florian_weber | 6.x-3.0-alpha1 (including) | 6.x-3.0-alpha1 (including) |
| Spaces | Florian_weber | 6.x-3.0-alpha2 (including) | 6.x-3.0-alpha2 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta1 (including) | 6.x-3.0-beta1 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta2 (including) | 6.x-3.0-beta2 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta3 (including) | 6.x-3.0-beta3 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta4 (including) | 6.x-3.0-beta4 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta5 (including) | 6.x-3.0-beta5 (including) |
| Spaces | Florian_weber | 6.x-3.0-beta6 (including) | 6.x-3.0-beta6 (including) |
| Spaces | Florian_weber | 6.x-3.0-r1 (including) | 6.x-3.0-r1 (including) |
| Spaces | Florian_weber | 6.x-3.0-r2 (including) | 6.x-3.0-r2 (including) |
| Spaces | Florian_weber | 6.x-3.1 (including) | 6.x-3.1 (including) |
| Spaces | Florian_weber | 6.x-3.2 (including) | 6.x-3.2 (including) |
| Spaces | Florian_weber | 6.x-3.3 (including) | 6.x-3.3 (including) |
| Spaces | Florian_weber | 6.x-3.4 (including) | 6.x-3.4 (including) |
| Spaces | Florian_weber | 6.x-3.5 (including) | 6.x-3.5 (including) |
| Spaces | Florian_weber | 6.x-3.6 (including) | 6.x-3.6 (including) |