Lucene search
RedhatCVE-2013-2242HistoryJul 29, 2013 - 1:59 p.m.
CVE-2013-2242
2013-07-2913:59:20
CWE-264
redhat
web.nvd.nist.gov
29
moodle
cve-2013-2242
chat
gui sockets
index.php
security vulnerability
access restriction
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
47.4%
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.
Affected configurations
Node
moodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
ORmoodlemoodleMatch2.1.10
Node
moodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
ORmoodlemoodleMatch2.2.7
ORmoodlemoodleMatch2.2.8
ORmoodlemoodleMatch2.2.9
ORmoodlemoodleMatch2.2.10
Node
moodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
ORmoodlemoodleMatch2.3.4
ORmoodlemoodleMatch2.3.5
ORmoodlemoodleMatch2.3.6
ORmoodlemoodleMatch2.3.7
Node
moodlemoodleMatch2.4.0
ORmoodlemoodleMatch2.4.1
ORmoodlemoodleMatch2.4.2
ORmoodlemoodleMatch2.4.3
ORmoodlemoodleMatch2.4.4
Node
moodlemoodleMatch2.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | 2.1.0 | cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.1 | cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.2 | cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.3 | cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.4 | cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.5 | cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.6 | cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.7 | cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.8 | cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.9 | cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:* |
Related
veracode
veracode
Access Restriction Bypass
2017-07-21 07:09:46
cvelist
cvelist
CVE-2013-2242
2013-07-26 22:00:00
ubuntucve
ubuntucve
CVE-2013-2242
2013-07-29 00:00:00
prion
prion
Design/Logic Flaw
2013-07-29 13:59:00
nvd
nvd
CVE-2013-2242
2013-07-29 13:59:20
nessus
nessus
Moodle 2.2.x < 2.2.11 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.3.x < 2.3.8 Multiple Vulnerabilities
2016-07-21 00:00:00
Fedora 18 : moodle-2.3.8-2.fc18 (2013-12950)
2013-07-23 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2013-12964
2013-08-20 00:00:00
Fedora Update for moodle FEDORA-2013-12964
2013-08-20 00:00:00
Mageia: Security Advisory (MGASA-2013-0217)
2022-01-28 00:00:00
mageia
mageia
Updated moodle package fixes multiple security vulnerabilities
2013-07-21 12:38:57
fedora
fedora
[SECURITY] Fedora 19 Update: moodle-2.4.5-2.fc19
2013-07-23 01:09:09
[SECURITY] Fedora 17 Update: moodle-2.2.11-1.fc17
2013-07-30 17:43:47
[SECURITY] Fedora 18 Update: moodle-2.3.8-2.fc18
2013-07-23 01:08:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
47.4%
Related for CVE-2013-2242