Lucene search

PRIOn knowledge basePRION:CVE-2013-4938

HistoryJul 29, 2013 - 1:59 p.m.

Information disclosure

2013-07-2913:59:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values.

CPENameOperatorVersion
moodleeq2.1.2
moodleeq2.1.10
moodleeq2.1.8
moodleeq2.1.9
moodleeq2.1.1
moodleeq2.1.5
moodleeq2.1.6
moodleeq2.1.3
moodleeq2.1.7
moodleeq2.1.4

Name	Operator	Version
moodle	eq	2.1.2
moodle	eq	2.1.10
moodle	eq	2.1.8
moodle	eq	2.1.9
moodle	eq	2.1.1
moodle	eq	2.1.5
moodle	eq	2.1.6
moodle	eq	2.1.3
moodle	eq	2.1.7
moodle	eq	2.1.4

Rows per page:

1-10 of 361

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308

moodle.org/mod/forum/discuss.php?d=232497

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for PRION:CVE-2013-4938