CVE-2013-1835: Infoleak
First published: Mon Mar 25 2013(Updated: )
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | =2.0.0 | |
| Moodle Moodle | =2.0.1 | |
| Moodle Moodle | =2.0.2 | |
| Moodle Moodle | =2.0.3 | |
| Moodle Moodle | =2.0.4 | |
| Moodle Moodle | =2.0.5 | |
| Moodle Moodle | =2.0.6 | |
| Moodle Moodle | =2.0.7 | |
| Moodle Moodle | =2.0.8 | |
| Moodle Moodle | =2.0.9 | |
| Moodle Moodle | =2.1.0 | |
| Moodle Moodle | =2.1.1 | |
| Moodle Moodle | =2.1.2 | |
| Moodle Moodle | =2.1.3 | |
| Moodle Moodle | =2.1.4 | |
| Moodle Moodle | =2.1.5 | |
| Moodle Moodle | =2.1.6 | |
| Moodle Moodle | =2.1.7 | |
| Moodle Moodle | =2.1.8 | |
| Moodle Moodle | =2.1.9 | |
| Moodle Moodle | =2.1.10 | |
| Moodle Moodle | =2.2.0 | |
| Moodle Moodle | =2.2.1 | |
| Moodle Moodle | =2.2.2 | |
| Moodle Moodle | =2.2.3 | |
| Moodle Moodle | =2.2.4 | |
| Moodle Moodle | =2.2.5 | |
| Moodle Moodle | =2.2.6 | |
| Moodle Moodle | =2.2.7 | |
| Moodle Moodle | =2.3.0 | |
| Moodle Moodle | =2.3.1 | |
| Moodle Moodle | =2.3.2 | |
| Moodle Moodle | =2.3.3 | |
| Moodle Moodle | =2.3.4 | |
| Moodle Moodle | =2.4.0 | |
| Moodle Moodle | =2.4.1 | |
| composer/moodle/moodle | >=2.4.0<2.4.2 | 2.4.2 |
| composer/moodle/moodle | >=2.3.0<2.3.5 | 2.3.5 |
| composer/moodle/moodle | >=2.0.0<2.2.8 | 2.2.8 |
| =2.0.0 | ||
| =2.0.1 | ||
| =2.0.2 | ||
| =2.0.3 | ||
| =2.0.4 | ||
| =2.0.5 | ||
| =2.0.6 | ||
| =2.0.7 | ||
| =2.0.8 | ||
| =2.0.9 | ||
| =2.1.0 | ||
| =2.1.1 | ||
| =2.1.2 | ||
| =2.1.3 | ||
| =2.1.4 | ||
| =2.1.5 | ||
| =2.1.6 | ||
| =2.1.7 | ||
| =2.1.8 | ||
| =2.1.9 | ||
| =2.1.10 | ||
| =2.2.0 | ||
| =2.2.1 | ||
| =2.2.2 | ||
| =2.2.3 | ||
| =2.2.4 | ||
| =2.2.5 | ||
| =2.2.6 | ||
| =2.2.7 | ||
| =2.3.0 | ||
| =2.3.1 | ||
| =2.3.2 | ||
| =2.3.3 | ||
| =2.3.4 | ||
| =2.4.0 | ||
| =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
- http://openwall.com/lists/oss-security/2013/03/25/2
- https://moodle.org/mod/forum/discuss.php?d=225347
- https://nvd.nist.gov/vuln/detail/CVE-2013-1835
- https://github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379
- https://github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722
- https://github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea
- https://github.com/advisories/GHSA-cc94-hwj3-rf65 (Advisory)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cc94-hwj3-rf65
- alias/CVE-2013-1835
- agent/software-canonical-lookup
- agent/remedy
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/2.0.0
- version/moodle moodle/2.0.1
- version/moodle moodle/2.0.2
- version/moodle moodle/2.0.3
- version/moodle moodle/2.0.4
- version/moodle moodle/2.0.5
- version/moodle moodle/2.0.6
- version/moodle moodle/2.0.7
- version/moodle moodle/2.0.8
- version/moodle moodle/2.0.9
- version/moodle moodle/2.1.0
- version/moodle moodle/2.1.1
- version/moodle moodle/2.1.2
- version/moodle moodle/2.1.3
- version/moodle moodle/2.1.4
- version/moodle moodle/2.1.5
- version/moodle moodle/2.1.6
- version/moodle moodle/2.1.7
- version/moodle moodle/2.1.8
- version/moodle moodle/2.1.9
- version/moodle moodle/2.1.10
- version/moodle moodle/2.2.0
- version/moodle moodle/2.2.1
- version/moodle moodle/2.2.2
- version/moodle moodle/2.2.3
- version/moodle moodle/2.2.4
- version/moodle moodle/2.2.5
- version/moodle moodle/2.2.6
- version/moodle moodle/2.2.7
- version/moodle moodle/2.3.0
- version/moodle moodle/2.3.1
- version/moodle moodle/2.3.2
- version/moodle moodle/2.3.3
- version/moodle moodle/2.3.4
- version/moodle moodle/2.4.0
- version/moodle moodle/2.4.1
- package-manager/composer