GitHub Advisory DatabaseGHSA-664Q-MRXX-2X2VMoodle does not properly manage privileges for WebDAV repositories
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
69.7%
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
github.com/advisories/GHSA-664q-mrxx-2x2v
github.com/moodle/moodle/commit/173a201f90941604ae1811a1b79089be4d78707c
github.com/moodle/moodle/commit/67c858414acb6564cd11f27adb9ffc75e9c8ba7f
github.com/moodle/moodle/commit/ac5fc5953426befb1232106ade9e42ff239d9b63
github.com/moodle/moodle/commit/c512e94e7c972c2ef398d49283edbbdc0cfe8ea1
github.com/moodle/moodle/commit/cb69d2584a0fda3f72cbb6974b155287bc6fcbab
github.com/moodle/moodle/commit/d5a3a922679f9314ffdc7e4769d78e920e588457
github.com/moodle/moodle/commit/e1be68f296addf57e80222e8a697931b0870c816
moodle.org/mod/forum/discuss.php?d=225348
nvd.nist.gov/vuln/detail/CVE-2013-1836
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
69.7%