CVE-2013-1835

medium

Description

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

References

https://moodle.org/mod/forum/discuss.php?d=225347

http://openwall.com/lists/oss-security/2013/03/25/2

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426

Details

Source: Mitre, NVD

Published: 2013-03-25

Updated: 2020-12-01

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium