Lucene search
HistoryMar 25, 2013 - 9:55 p.m.
CVE-2013-1836
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
69.7%
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
Affected configurations
Node
moodlemoodleMatch2.0.0
ORmoodlemoodleMatch2.0.1
ORmoodlemoodleMatch2.0.2
ORmoodlemoodleMatch2.0.3
ORmoodlemoodleMatch2.0.4
ORmoodlemoodleMatch2.0.5
ORmoodlemoodleMatch2.0.6
ORmoodlemoodleMatch2.0.7
ORmoodlemoodleMatch2.0.8
ORmoodlemoodleMatch2.0.9
ORmoodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
ORmoodlemoodleMatch2.1.10
Node
moodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
ORmoodlemoodleMatch2.2.7
Node
moodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
ORmoodlemoodleMatch2.3.4
Node
moodlemoodleMatch2.4.0
ORmoodlemoodleMatch2.4.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | 2.0.0 | cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.1 | cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.2 | cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.3 | cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.4 | cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.5 | cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.6 | cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.7 | cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.8 | cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:* |
| moodle | moodle | 2.0.9 | cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:* |
References
Related
veracode
veracode
Privilege Escalation
2017-06-23 05:05:27
prion
prion
Design/Logic Flaw
2013-03-25 21:55:00
osv
osv
Moodle does not properly manage privileges for WebDAV repositories
2022-05-13 01:12:58
ubuntucve
ubuntucve
CVE-2013-1836
2013-03-11 00:00:00
cvelist
cvelist
CVE-2013-1836
2013-03-25 21:00:00
cve
cve
CVE-2013-1836
2013-03-25 21:55:04
github
github
Moodle does not properly manage privileges for WebDAV repositories
2022-05-13 01:12:58
nessus
nessus
Fedora 17 : moodle-2.2.9-1.fc17 (2013-4404)
2013-04-03 00:00:00
Fedora 18 : moodle-2.3.6-1.fc18 (2013-4387)
2013-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: moodle-2.3.6-1.fc18
2013-04-03 04:44:25
[SECURITY] Fedora 17 Update: moodle-2.2.9-1.fc17
2013-04-03 04:26:27
openvas
openvas
Fedora Update for moodle FEDORA-2013-4387
2013-04-05 00:00:00
Fedora Update for moodle FEDORA-2013-4404
2013-04-05 00:00:00
Fedora Update for moodle FEDORA-2013-4387
2013-04-05 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
69.7%
Related for NVD:CVE-2013-1836