CVE-2013-4938

Name of the Vulnerable Software and Affected Versions Moodle versions 2.1.10 and earlier, 2.2.x through 2.2.10, 2.3.x through 2.3.7, 2.4.x through 2.4.4, 2.5.x through 2.5.0

Description The issue concerns the LTI (also known as IMS-LTI) mod form implementation, which does not properly support certain settings. This allows remote attackers to obtain sensitive information under specific circumstances, by leveraging an environment where there was an ineffective attempt to enable more secure values. The settings in question are sendname, sendemailaddr, and acceptgrades.

Recommendations For versions 2.1.10 and earlier, update to a version later than 2.1.10 to resolve the issue. For versions 2.2.x through 2.2.10, update to version 2.2.11 or later. For versions 2.3.x through 2.3.7, update to version 2.3.8 or later. For versions 2.4.x through 2.4.4, update to version 2.4.5 or later. For versions 2.5.x through 2.5.0, update to version 2.5.1 or later.