CVE-2013-1832: Infoleak
First published: Mon Mar 25 2013(Updated: )
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.4.0<2.4.2 | 2.4.2 |
| composer/moodle/moodle | >=2.3.0<2.3.5 | 2.3.5 |
| composer/moodle/moodle | >=2.2.0<2.2.8 | 2.2.8 |
| composer/moodle/moodle | >=2.0.0<=2.1.10 | |
| Moodle | =2.0.0 | |
| Moodle | =2.0.1 | |
| Moodle | =2.0.2 | |
| Moodle | =2.0.3 | |
| Moodle | =2.0.4 | |
| Moodle | =2.0.5 | |
| Moodle | =2.0.6 | |
| Moodle | =2.0.7 | |
| Moodle | =2.0.8 | |
| Moodle | =2.0.9 | |
| Moodle | =2.1.0 | |
| Moodle | =2.1.1 | |
| Moodle | =2.1.2 | |
| Moodle | =2.1.3 | |
| Moodle | =2.1.4 | |
| Moodle | =2.1.5 | |
| Moodle | =2.1.6 | |
| Moodle | =2.1.7 | |
| Moodle | =2.1.8 | |
| Moodle | =2.1.9 | |
| Moodle | =2.1.10 | |
| Moodle | =2.2.0 | |
| Moodle | =2.2.1 | |
| Moodle | =2.2.2 | |
| Moodle | =2.2.3 | |
| Moodle | =2.2.4 | |
| Moodle | =2.2.5 | |
| Moodle | =2.2.6 | |
| Moodle | =2.2.7 | |
| Moodle | =2.3.0 | |
| Moodle | =2.3.1 | |
| Moodle | =2.3.2 | |
| Moodle | =2.3.3 | |
| Moodle | =2.3.4 | |
| Moodle | =2.4.0 | |
| Moodle | =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
- http://openwall.com/lists/oss-security/2013/03/25/2
- https://moodle.org/mod/forum/discuss.php?d=225343
- https://nvd.nist.gov/vuln/detail/CVE-2013-1832
- https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727
- https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8
- https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32
- https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190
- https://github.com/advisories/GHSA-pgp5-rcwp-qvfg (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-1832?
CVE-2013-1832 has a medium severity level due to its potential to expose sensitive information.
How do I fix CVE-2013-1832?
To fix CVE-2013-1832, upgrade to Moodle versions 2.4.2 or later, 2.3.5 or later, or 2.2.8 or later.
Which versions of Moodle are affected by CVE-2013-1832?
Moodle versions 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 are affected by CVE-2013-1832.
What is the nature of the vulnerability in CVE-2013-1832?
The vulnerability in CVE-2013-1832 allows remote authenticated administrators to obtain sensitive information by configuring an instance.
Can I mitigate CVE-2013-1832 without upgrading?
Mitigation of CVE-2013-1832 without upgrading is not recommended, as the best resolution is to update to a secure version.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-pgp5-rcwp-qvfg
- alias/CVE-2013-1832
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- agent/description
- agent/softwarecombine
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/2.0.0
- version/moodle/2.0.1
- version/moodle/2.0.2
- version/moodle/2.0.3
- version/moodle/2.0.4
- version/moodle/2.0.5
- version/moodle/2.0.6
- version/moodle/2.0.7
- version/moodle/2.0.8
- version/moodle/2.0.9
- version/moodle/2.1.0
- version/moodle/2.1.1
- version/moodle/2.1.2
- version/moodle/2.1.3
- version/moodle/2.1.4
- version/moodle/2.1.5
- version/moodle/2.1.6
- version/moodle/2.1.7
- version/moodle/2.1.8
- version/moodle/2.1.9
- version/moodle/2.1.10
- version/moodle/2.2.0
- version/moodle/2.2.1
- version/moodle/2.2.2
- version/moodle/2.2.3
- version/moodle/2.2.4
- version/moodle/2.2.5
- version/moodle/2.2.6
- version/moodle/2.2.7
- version/moodle/2.3.0
- version/moodle/2.3.1
- version/moodle/2.3.2
- version/moodle/2.3.3
- version/moodle/2.3.4
- version/moodle/2.4.0
- version/moodle/2.4.1