CVE-2013-1835
Moodle 2.0.0-2.1.10, 2.2.0-2.2.7, 2.3.0-2.3.4, 2.4.0-2.4.1 - Sensitive Information Exposure via Login-As
Title source: llmDescription
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/03/25/2
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=225347
Scores
EPSS
0.0030
EPSS Percentile
53.5%
Details
CWE
CWE-200
Status
published
Products (37)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.0.9
... and 27 more
Published
Mar 25, 2013
Tracked Since
Feb 18, 2026