PT-2013-3420 · Moodle · Moodle
Andrew Nicols
·
Publicado
2013-03-11
·
Atualizado
2022-05-13
·
CVE-2013-1835
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.0 through 2.1.10
Moodle versions 2.2.x through 2.2.7
Moodle versions 2.3.x through 2.3.4
Moodle versions 2.4.x through 2.4.1
Description
The issue allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the
login as feature.Recommendations
For versions 2.0 through 2.1.10, update to a version after 2.1.10 to resolve the issue.
For versions 2.2.x through 2.2.7, update to version 2.2.8 or later to resolve the issue.
For versions 2.3.x through 2.3.4, update to version 2.3.5 or later to resolve the issue.
For versions 2.4.x through 2.4.1, update to version 2.4.2 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle