Lucene search
Veracode Vulnerability DatabaseVERACODE:4471HistoryJun 23, 2017 - 3:51 a.m.
Missing Access Restrictions On Assignment Downloads
2017-06-2303:51:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.002
Percentile
58.6%
Moodle lacks access restrictions for download assignments. A flaw in mod/assign/locallib.php allows authenticated users to read other user’s assignments. This is possible because it lacks access restrictions during the processing of ZIP assignment-archive download requests.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
moodle.org/mod/forum/discuss.php?d=228930
Related
cvelist
cvelist
CVE-2013-2079
2013-05-25 01:00:00
cve
cve
CVE-2013-2079
2013-05-25 03:18:13
prion
prion
Code injection
2013-05-25 03:18:00
nvd
nvd
CVE-2013-2079
2013-05-25 03:18:13
ubuntucve
ubuntucve
CVE-2013-2079
2013-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: moodle-2.4.4-1.fc19
2013-05-29 03:03:38
[SECURITY] Fedora 18 Update: moodle-2.3.7-1.fc18
2013-05-29 00:59:53
[SECURITY] Fedora 17 Update: moodle-2.2.10-1.fc17
2013-05-29 01:02:13
nessus
nessus
Fedora 18 : moodle-2.3.7-1.fc18 (2013-8702)
2013-05-29 00:00:00
Fedora 17 : moodle-2.2.10-1.fc17 (2013-8692)
2013-05-29 00:00:00
Fedora 19 : moodle-2.4.4-1.fc19 (2013-8668)
2013-05-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0162)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2013-8702
2013-05-31 00:00:00
Fedora Update for moodle FEDORA-2013-8692
2013-05-31 00:00:00
mageia
mageia
Updated moodle package fix security vulnerabilities
2013-06-06 16:24:33