Lucene search

[email protected]NVD:CVE-2013-1830

HistoryMar 25, 2013 - 9:55 p.m.

CVE-2013-1830

2013-03-2521:55:02

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch17

fedoraprojectfedoraMatch18

Node

moodlemoodleMatch2.2.0

moodlemoodleMatch2.2.1

moodlemoodleMatch2.2.2

moodlemoodleMatch2.2.3

moodlemoodleMatch2.2.4

moodlemoodleMatch2.2.5

moodlemoodleMatch2.2.6

moodlemoodleMatch2.2.7

Node

moodlemoodleMatch2.4.0

moodlemoodleMatch2.4.1

Node

moodlemoodleMatch2.3.0

moodlemoodleMatch2.3.1

moodlemoodleMatch2.3.2

moodlemoodleMatch2.3.3

moodlemoodleMatch2.3.4

Node

moodlemoodleMatch1.1.1

moodlemoodleMatch1.2.0

moodlemoodleMatch1.2.1

moodlemoodleMatch1.3.0

moodlemoodleMatch1.3.1

moodlemoodleMatch1.3.2

moodlemoodleMatch1.3.3

moodlemoodleMatch1.3.4

moodlemoodleMatch1.4.1

moodlemoodleMatch1.4.2

moodlemoodleMatch1.4.3

moodlemoodleMatch1.4.4

moodlemoodleMatch1.4.5

moodlemoodleMatch1.5

moodlemoodleMatch1.5.0beta

moodlemoodleMatch1.5.1

moodlemoodleMatch1.5.2

moodlemoodleMatch1.5.3

moodlemoodleMatch1.6.0

moodlemoodleMatch1.6.1

moodlemoodleMatch1.6.2

moodlemoodleMatch1.6.3

moodlemoodleMatch1.6.4

moodlemoodleMatch1.6.5

moodlemoodleMatch1.6.6

moodlemoodleMatch1.6.7

moodlemoodleMatch1.6.8

moodlemoodleMatch1.7.1

moodlemoodleMatch1.7.2

moodlemoodleMatch1.7.3

moodlemoodleMatch1.7.4

moodlemoodleMatch1.7.5

moodlemoodleMatch1.7.6

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.6

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.8.11

moodlemoodleMatch1.8.12

moodlemoodleMatch1.8.13

moodlemoodleMatch1.8.14

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

moodlemoodleMatch1.9.7

moodlemoodleMatch1.9.8

moodlemoodleMatch1.9.9

moodlemoodleMatch1.9.10

moodlemoodleMatch1.9.11

moodlemoodleMatch1.9.12

moodlemoodleMatch1.9.13

moodlemoodleMatch1.9.14

moodlemoodleMatch1.9.15

moodlemoodleMatch1.9.16

moodlemoodleMatch1.9.17

moodlemoodleMatch1.9.18

moodlemoodleMatch2.0.0

moodlemoodleMatch2.0.1

moodlemoodleMatch2.0.2

moodlemoodleMatch2.0.3

moodlemoodleMatch2.0.4

moodlemoodleMatch2.0.5

moodlemoodleMatch2.0.6

moodlemoodleMatch2.0.7

moodlemoodleMatch2.0.8

moodlemoodleMatch2.0.9

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

moodlemoodleMatch2.1.3

moodlemoodleMatch2.1.4

moodlemoodleMatch2.1.5

moodlemoodleMatch2.1.6

moodlemoodleMatch2.1.7

moodlemoodleMatch2.1.8

moodlemoodleMatch2.1.9

moodlemoodleMatch2.1.10

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481

lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

openwall.com/lists/oss-security/2013/03/25/2

moodle.org/mod/forum/discuss.php?d=225341

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for NVD:CVE-2013-1830

ubuntucve1 osv1 github1 prion1 cvelist1 cve1 veracode1 nessus2 openvas4 fedora2