CVE-2013-1836
Moodle 2.0.0-2.1.10, 2.2.0-2.2.7, 2.3.0-2.3.4, 2.4.0-2.4.1 - Authenticated Arbitrary Repository Access via WebDAV
Title source: llmDescription
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/03/25/2
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=225348
Scores
EPSS
0.0064
EPSS Percentile
70.9%
Details
CWE
CWE-264
Status
published
Products (37)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.0.9
... and 27 more
Published
Mar 25, 2013
Tracked Since
Feb 18, 2026