CVE-2013-2245
First published: Fri Jul 26 2013(Updated: )
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =2.1.0 | |
| Moodle | =2.1.1 | |
| Moodle | =2.1.2 | |
| Moodle | =2.1.3 | |
| Moodle | =2.1.4 | |
| Moodle | =2.1.5 | |
| Moodle | =2.1.6 | |
| Moodle | =2.1.7 | |
| Moodle | =2.1.8 | |
| Moodle | =2.1.9 | |
| Moodle | =2.1.10 | |
| Moodle | =2.2.0 | |
| Moodle | =2.2.1 | |
| Moodle | =2.2.2 | |
| Moodle | =2.2.3 | |
| Moodle | =2.2.4 | |
| Moodle | =2.2.5 | |
| Moodle | =2.2.6 | |
| Moodle | =2.2.7 | |
| Moodle | =2.2.8 | |
| Moodle | =2.2.9 | |
| Moodle | =2.2.10 | |
| Moodle | =2.3.0 | |
| Moodle | =2.3.1 | |
| Moodle | =2.3.2 | |
| Moodle | =2.3.3 | |
| Moodle | =2.3.4 | |
| Moodle | =2.3.5 | |
| Moodle | =2.3.6 | |
| Moodle | =2.3.7 | |
| Moodle | =2.4.0 | |
| Moodle | =2.4.1 | |
| Moodle | =2.4.2 | |
| Moodle | =2.4.3 | |
| Moodle | =2.4.4 | |
| Moodle | =2.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2245?
CVE-2013-2245 has a medium severity rating, indicating potential risk to sensitive information.
How do I fix CVE-2013-2245?
To fix CVE-2013-2245, upgrade to Moodle version 2.2.11, 2.3.8, 2.4.5, or 2.5.1 or newer.
What kind of information can be accessed due to CVE-2013-2245?
CVE-2013-2245 allows unauthorized access to sensitive block information through RSS feeds.
Which versions of Moodle are affected by CVE-2013-2245?
Moodle versions up to 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 are affected.
Who is primarily at risk from CVE-2013-2245?
Remote authenticated users are primarily at risk from CVE-2013-2245 due to the improper implementation of RSS tokens.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moodle
- canonical/moodle
- version/moodle/2.1.0
- version/moodle/2.1.1
- version/moodle/2.1.2
- version/moodle/2.1.3
- version/moodle/2.1.4
- version/moodle/2.1.5
- version/moodle/2.1.6
- version/moodle/2.1.7
- version/moodle/2.1.8
- version/moodle/2.1.9
- version/moodle/2.1.10
- version/moodle/2.2.0
- version/moodle/2.2.1
- version/moodle/2.2.2
- version/moodle/2.2.3
- version/moodle/2.2.4
- version/moodle/2.2.5
- version/moodle/2.2.6
- version/moodle/2.2.7
- version/moodle/2.2.8
- version/moodle/2.2.9
- version/moodle/2.2.10
- version/moodle/2.3.0
- version/moodle/2.3.1
- version/moodle/2.3.2
- version/moodle/2.3.3
- version/moodle/2.3.4
- version/moodle/2.3.5
- version/moodle/2.3.6
- version/moodle/2.3.7
- version/moodle/2.4.0
- version/moodle/2.4.1
- version/moodle/2.4.2
- version/moodle/2.4.3
- version/moodle/2.4.4
- version/moodle/2.5.0