PT-2013-3621 · Moodle · Moodle

Francois Gauthier

·

Published

2013-07-21

·

Updated

2020-12-01

·

CVE-2013-2246

CVSS v2.0

4.0

Medium

VectorAV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 2.1.10 and earlier, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1
Description The issue allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time, because the mod/feedback/lib.php file in Moodle does not consider the mod/feedback:view capability before displaying recent feedback.
Recommendations For versions 2.1.10 and earlier, update to a version later than 2.1.10. For versions 2.2.x before 2.2.11, update to version 2.2.11 or later. For versions 2.3.x before 2.3.8, update to version 2.3.8 or later. For versions 2.4.x before 2.4.5, update to version 2.4.5 or later. For versions 2.5.x before 2.5.1, update to version 2.5.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-2246
MGASA-2013-0217

Affected Products

Moodle