CVE-2013-2082
First published: Sat May 25 2013(Updated: )
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.4.0<2.4.4 | 2.4.4 |
| composer/moodle/moodle | >=2.3.0<2.3.7 | 2.3.7 |
| composer/moodle/moodle | <2.2.10 | 2.2.10 |
| Moodle | =2.1.0 | |
| Moodle | =2.1.1 | |
| Moodle | =2.1.2 | |
| Moodle | =2.1.3 | |
| Moodle | =2.1.4 | |
| Moodle | =2.1.5 | |
| Moodle | =2.1.6 | |
| Moodle | =2.1.7 | |
| Moodle | =2.1.8 | |
| Moodle | =2.1.9 | |
| Moodle | =2.1.10 | |
| Moodle | =2.2.0 | |
| Moodle | =2.2.1 | |
| Moodle | =2.2.2 | |
| Moodle | =2.2.3 | |
| Moodle | =2.2.4 | |
| Moodle | =2.2.5 | |
| Moodle | =2.2.6 | |
| Moodle | =2.2.7 | |
| Moodle | =2.2.8 | |
| Moodle | =2.2.9 | |
| Moodle | =2.3.0 | |
| Moodle | =2.3.1 | |
| Moodle | =2.3.2 | |
| Moodle | =2.3.3 | |
| Moodle | =2.3.4 | |
| Moodle | =2.3.5 | |
| Moodle | =2.3.6 | |
| Moodle | =2.4.0 | |
| Moodle | =2.4.1 | |
| Moodle | =2.4.2 | |
| Moodle | =2.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
- http://openwall.com/lists/oss-security/2013/05/21/1
- https://moodle.org/mod/forum/discuss.php?d=228934
- https://nvd.nist.gov/vuln/detail/CVE-2013-2082
- https://github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417
- https://github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3
- https://github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7
- https://github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1
- https://github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd
- https://github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc
- https://github.com/advisories/GHSA-wp3g-pr4h-q6vv (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-2082?
CVE-2013-2082 has a medium severity rating due to the potential for unauthorized access to sensitive information.
How do I fix CVE-2013-2082?
To fix CVE-2013-2082, upgrade to Moodle versions 2.2.10, 2.3.7, or 2.4.4 or later.
What versions are affected by CVE-2013-2082?
CVE-2013-2082 affects Moodle versions through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4.
Can CVE-2013-2082 be exploited remotely?
Yes, CVE-2013-2082 can be exploited remotely by attackers through crafted requests.
What kind of information can be exposed due to CVE-2013-2082?
CVE-2013-2082 may expose sensitive information contained in blog comments.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wp3g-pr4h-q6vv
- alias/CVE-2013-2082
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/2.1.0
- version/moodle/2.1.1
- version/moodle/2.1.2
- version/moodle/2.1.3
- version/moodle/2.1.4
- version/moodle/2.1.5
- version/moodle/2.1.6
- version/moodle/2.1.7
- version/moodle/2.1.8
- version/moodle/2.1.9
- version/moodle/2.1.10
- version/moodle/2.2.0
- version/moodle/2.2.1
- version/moodle/2.2.2
- version/moodle/2.2.3
- version/moodle/2.2.4
- version/moodle/2.2.5
- version/moodle/2.2.6
- version/moodle/2.2.7
- version/moodle/2.2.8
- version/moodle/2.2.9
- version/moodle/2.3.0
- version/moodle/2.3.1
- version/moodle/2.3.2
- version/moodle/2.3.3
- version/moodle/2.3.4
- version/moodle/2.3.5
- version/moodle/2.3.6
- version/moodle/2.4.0
- version/moodle/2.4.1
- version/moodle/2.4.2
- version/moodle/2.4.3