CVE-2013-2080
Moodle < 2.3.7 - Authenticated Information Disclosure via Gradebook Overview Report
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.
References (6)
Core References
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2013/05/21/1
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=228931
Scores
EPSS: 0.0042
EPSS Percentile: 62.3%
Details
CWE: CWE-264
Status: published
Products (23)
moodle/moodle 2.2.0
moodle/moodle 2.2.1
moodle/moodle 2.2.2
moodle/moodle 2.2.3
moodle/moodle 2.2.4
moodle/moodle 2.2.5
moodle/moodle 2.2.6
moodle/moodle 2.2.7
moodle/moodle 2.2.8
moodle/moodle 2.2.9
... and 13 more
Published: May 25, 2013
Tracked Since: Feb 18, 2026