Lucene search

[email protected]NVD:CVE-2013-1829

HistoryMar 25, 2013 - 9:55 p.m.

CVE-2013-1829

2013-03-2521:55:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.001

Percentile

46.1%

JSON

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.

Affected configurations

Nvd

Node

moodlemoodleMatch2.4.0

moodlemoodleMatch2.4.1

VendorProductVersionCPE
moodlemoodle2.4.0cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
moodlemoodle2.4.1cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	2.4.0	cpe:2.3:a:moodle:moodle:2.4.0:::::::*
moodle	moodle	2.4.1	cpe:2.3:a:moodle:moodle:2.4.1:::::::*

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338

openwall.com/lists/oss-security/2013/03/25/2

moodle.org/mod/forum/discuss.php?d=225339

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.001

Percentile

46.1%

JSON

Related for NVD:CVE-2013-1829

cvelist1 ubuntucve1 veracode1 prion1 cve1