Vulnerability CVE-2013-1835

Vulnerability Name:

CVE-2013-1835 (CCN-83061)

Assigned:

2013-03-25

Published:

2013-03-25

Updated:

2020-12-01

Summary:

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2013-1835

Source: CONFIRM
Type: Patch
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-4404

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-4387

Source: MLIST
Type: UNKNOWN
[oss-security] 20130325 Moodle security notifications public

Source: CCN
Type: SA52691
Moodle Multiple Vulnerabilities

Source: CCN
Type: BID-60047
Moodle CVE-2013-1835 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
moodle-lib-repository-spoofing(83061)

Source: CCN
Type: Moodle Web Site
Moodle

Source: CCN
Type: MSA-13-0018
Personal information leak through repositories

Source: CONFIRM
Type: Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=225347

Vulnerable Configuration:

Configuration 1:

cpe:/a:moodle:moodle:2.0.8:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.10:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.8:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:moodle:moodle:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:moodle:moodle:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.bionic:def:201318350000000	V	CVE-2013-1835 on Ubuntu 18.04 LTS (bionic) - medium.	2013-03-25
oval:com.ubuntu.artful:def:20131835000	V	CVE-2013-1835 on Ubuntu 17.10 (artful) - medium.	2013-03-25
oval:com.ubuntu.trusty:def:20131835000	V	CVE-2013-1835 on Ubuntu 14.04 LTS (trusty) - medium.	2013-03-25
oval:com.ubuntu.xenial:def:201318350000000	V	CVE-2013-1835 on Ubuntu 16.04 LTS (xenial) - medium.	2013-03-25
oval:com.ubuntu.bionic:def:20131835000	V	CVE-2013-1835 on Ubuntu 18.04 LTS (bionic) - medium.	2013-03-25
oval:com.ubuntu.xenial:def:20131835000	V	CVE-2013-1835 on Ubuntu 16.04 LTS (xenial) - medium.	2013-03-25
oval:com.ubuntu.disco:def:201318350000000	V	CVE-2013-1835 on Ubuntu 19.04 (disco) - medium.	2013-03-25
oval:com.ubuntu.cosmic:def:20131835000	V	CVE-2013-1835 on Ubuntu 18.10 (cosmic) - medium.	2013-03-25
oval:com.ubuntu.cosmic:def:201318350000000	V	CVE-2013-1835 on Ubuntu 18.10 (cosmic) - medium.	2013-03-25
oval:com.ubuntu.precise:def:20131835000	V	CVE-2013-1835 on Ubuntu 12.04 LTS (precise) - medium.	2013-03-25

BACK