CVE-2013-1831: Infoleak
First published: Mon Mar 25 2013(Updated: )
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.4.0<2.4.2 | 2.4.2 |
| composer/moodle/moodle | >=2.3.0<2.3.5 | 2.3.5 |
| composer/moodle/moodle | >=2.2.0<2.2.8 | 2.2.8 |
| composer/moodle/moodle | <=2.1.10 | |
| Moodle | =1.1.1 | |
| Moodle | =1.2.0 | |
| Moodle | =1.2.1 | |
| Moodle | =1.3.0 | |
| Moodle | =1.3.1 | |
| Moodle | =1.3.2 | |
| Moodle | =1.3.3 | |
| Moodle | =1.3.4 | |
| Moodle | =1.4.1 | |
| Moodle | =1.4.2 | |
| Moodle | =1.4.3 | |
| Moodle | =1.4.4 | |
| Moodle | =1.4.5 | |
| Moodle | =1.5 | |
| Moodle | =1.5.0-beta | |
| Moodle | =1.5.1 | |
| Moodle | =1.5.2 | |
| Moodle | =1.5.3 | |
| Moodle | =1.6.0 | |
| Moodle | =1.6.1 | |
| Moodle | =1.6.2 | |
| Moodle | =1.6.3 | |
| Moodle | =1.6.4 | |
| Moodle | =1.6.5 | |
| Moodle | =1.6.6 | |
| Moodle | =1.6.7 | |
| Moodle | =1.6.8 | |
| Moodle | =1.7.1 | |
| Moodle | =1.7.2 | |
| Moodle | =1.7.3 | |
| Moodle | =1.7.4 | |
| Moodle | =1.7.5 | |
| Moodle | =1.7.6 | |
| Moodle | =1.8.1 | |
| Moodle | =1.8.2 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.6 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.8 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.10 | |
| Moodle | =1.8.11 | |
| Moodle | =1.8.12 | |
| Moodle | =1.8.13 | |
| Moodle | =1.8.14 | |
| Moodle | =1.9.1 | |
| Moodle | =1.9.2 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.4 | |
| Moodle | =1.9.5 | |
| Moodle | =1.9.6 | |
| Moodle | =1.9.7 | |
| Moodle | =1.9.8 | |
| Moodle | =1.9.9 | |
| Moodle | =1.9.10 | |
| Moodle | =1.9.11 | |
| Moodle | =1.9.12 | |
| Moodle | =1.9.13 | |
| Moodle | =1.9.14 | |
| Moodle | =1.9.15 | |
| Moodle | =1.9.16 | |
| Moodle | =1.9.17 | |
| Moodle | =1.9.18 | |
| Moodle | =2.0.0 | |
| Moodle | =2.0.1 | |
| Moodle | =2.0.2 | |
| Moodle | =2.0.3 | |
| Moodle | =2.0.4 | |
| Moodle | =2.0.5 | |
| Moodle | =2.0.6 | |
| Moodle | =2.0.7 | |
| Moodle | =2.0.8 | |
| Moodle | =2.0.9 | |
| Moodle | =2.1.0 | |
| Moodle | =2.1.1 | |
| Moodle | =2.1.2 | |
| Moodle | =2.1.3 | |
| Moodle | =2.1.4 | |
| Moodle | =2.1.5 | |
| Moodle | =2.1.6 | |
| Moodle | =2.1.7 | |
| Moodle | =2.1.8 | |
| Moodle | =2.1.9 | |
| Moodle | =2.1.10 | |
| Moodle | =2.2.0 | |
| Moodle | =2.2.1 | |
| Moodle | =2.2.2 | |
| Moodle | =2.2.3 | |
| Moodle | =2.2.4 | |
| Moodle | =2.2.5 | |
| Moodle | =2.2.6 | |
| Moodle | =2.2.7 | |
| Moodle | =2.3.0 | |
| Moodle | =2.3.1 | |
| Moodle | =2.3.2 | |
| Moodle | =2.3.3 | |
| Moodle | =2.3.4 | |
| Moodle | =2.4.0 | |
| Moodle | =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
- http://openwall.com/lists/oss-security/2013/03/25/2
- https://moodle.org/mod/forum/discuss.php?d=225342
- https://nvd.nist.gov/vuln/detail/CVE-2013-1831
- https://github.com/moodle/moodle/commit/2c7cdbb3b0b6ba4dd64297463d37a5acbd730216
- https://github.com/moodle/moodle/commit/53c66110a878f4f4644728138ea97c22990263e3
- https://github.com/moodle/moodle/commit/8d220cb552d9c55b98aef70e2f40ef560efeb79b
- https://github.com/moodle/moodle/commit/b3daaada49a2dd83a4f1e832465d5c318f9f275c
- https://github.com/advisories/GHSA-xr24-jp5c-6c4v (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-1831?
CVE-2013-1831 has a medium severity rating due to the potential for sensitive information exposure.
How do I fix CVE-2013-1831?
To fix CVE-2013-1831, upgrade to Moodle version 2.4.2, 2.3.5, or 2.2.8 or later.
What type of vulnerability is CVE-2013-1831?
CVE-2013-1831 is an information disclosure vulnerability.
Which versions of Moodle are affected by CVE-2013-1831?
CVE-2013-1831 affects Moodle versions up to and including 2.1.10, as well as specific earlier versions of 2.2.x, 2.3.x, and 2.4.x.
What happens if I do not patch CVE-2013-1831?
Failing to patch CVE-2013-1831 could allow remote attackers to gain access to sensitive path information from the server.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-xr24-jp5c-6c4v
- alias/CVE-2013-1831
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/1.1.1
- version/moodle/1.2.0
- version/moodle/1.2.1
- version/moodle/1.3.0
- version/moodle/1.3.1
- version/moodle/1.3.2
- version/moodle/1.3.3
- version/moodle/1.3.4
- version/moodle/1.4.1
- version/moodle/1.4.2
- version/moodle/1.4.3
- version/moodle/1.4.4
- version/moodle/1.4.5
- version/moodle/1.5
- version/moodle/1.5.0-beta
- version/moodle/1.5.1
- version/moodle/1.5.2
- version/moodle/1.5.3
- version/moodle/1.6.0
- version/moodle/1.6.1
- version/moodle/1.6.2
- version/moodle/1.6.3
- version/moodle/1.6.4
- version/moodle/1.6.5
- version/moodle/1.6.6
- version/moodle/1.6.7
- version/moodle/1.6.8
- version/moodle/1.7.1
- version/moodle/1.7.2
- version/moodle/1.7.3
- version/moodle/1.7.4
- version/moodle/1.7.5
- version/moodle/1.7.6
- version/moodle/1.8.1
- version/moodle/1.8.2
- version/moodle/1.8.3
- version/moodle/1.8.4
- version/moodle/1.8.5
- version/moodle/1.8.6
- version/moodle/1.8.7
- version/moodle/1.8.8
- version/moodle/1.8.9
- version/moodle/1.8.10
- version/moodle/1.8.11
- version/moodle/1.8.12
- version/moodle/1.8.13
- version/moodle/1.8.14
- version/moodle/1.9.1
- version/moodle/1.9.2
- version/moodle/1.9.3
- version/moodle/1.9.4
- version/moodle/1.9.5
- version/moodle/1.9.6
- version/moodle/1.9.7
- version/moodle/1.9.8
- version/moodle/1.9.9
- version/moodle/1.9.10
- version/moodle/1.9.11
- version/moodle/1.9.12
- version/moodle/1.9.13
- version/moodle/1.9.14
- version/moodle/1.9.15
- version/moodle/1.9.16
- version/moodle/1.9.17
- version/moodle/1.9.18
- version/moodle/2.0.0
- version/moodle/2.0.1
- version/moodle/2.0.2
- version/moodle/2.0.3
- version/moodle/2.0.4
- version/moodle/2.0.5
- version/moodle/2.0.6
- version/moodle/2.0.7
- version/moodle/2.0.8
- version/moodle/2.0.9
- version/moodle/2.1.0
- version/moodle/2.1.1
- version/moodle/2.1.2
- version/moodle/2.1.3
- version/moodle/2.1.4
- version/moodle/2.1.5
- version/moodle/2.1.6
- version/moodle/2.1.7
- version/moodle/2.1.8
- version/moodle/2.1.9
- version/moodle/2.1.10
- version/moodle/2.2.0
- version/moodle/2.2.1
- version/moodle/2.2.2
- version/moodle/2.2.3
- version/moodle/2.2.4
- version/moodle/2.2.5
- version/moodle/2.2.6
- version/moodle/2.2.7
- version/moodle/2.3.0
- version/moodle/2.3.1
- version/moodle/2.3.2
- version/moodle/2.3.3
- version/moodle/2.3.4
- version/moodle/2.4.0
- version/moodle/2.4.1