GitHub Advisory DatabaseGHSA-CC94-HWJ3-RF65Moodle's login_as feature leaks information from external repositories
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
54.7%
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
github.com/advisories/GHSA-cc94-hwj3-rf65
github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379
github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722
github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea
moodle.org/mod/forum/discuss.php?d=225347
nvd.nist.gov/vuln/detail/CVE-2013-1835
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
54.7%