PT-2013-3420 · Moodle · Moodle
Andrew Nicols
·
Published
2013-03-11
·
Updated
2022-05-13
·
CVE-2013-1835
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.0 through 2.1.10
Moodle versions 2.2.x through 2.2.7
Moodle versions 2.3.x through 2.3.4
Moodle versions 2.4.x through 2.4.1
Description
The issue allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the
login as feature.Recommendations
For versions 2.0 through 2.1.10, update to a version after 2.1.10 to resolve the issue.
For versions 2.2.x through 2.2.7, update to version 2.2.8 or later to resolve the issue.
For versions 2.3.x through 2.3.4, update to version 2.3.5 or later to resolve the issue.
For versions 2.4.x through 2.4.1, update to version 2.4.2 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle