Lucene search
Veracode Vulnerability DatabaseVERACODE:4475HistoryJun 23, 2017 - 5:34 a.m.
Information Disclosure
2017-06-2305:34:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
EPSS
0.003
Percentile
65.9%
Moodle is vulnerable to information disclosure. The attacks exist because it ignores “don’t send” attributes. As a result of ignoring these attributes the site sends sensitive information to remote hub even though it shouldn’t have.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
moodle.org/mod/forum/discuss.php?d=228933
Related
cvelist
cvelist
CVE-2013-2081
2013-05-25 01:00:00
osv
osv
Moodle does not consider "don't send" attributes during hub registration
2022-05-13 01:12:59
prion
prion
Code injection
2013-05-25 03:18:00
github
github
Moodle does not consider "don't send" attributes during hub registration
2022-05-13 01:12:59
ubuntucve
ubuntucve
CVE-2013-2081
2013-05-25 00:00:00
cve
cve
CVE-2013-2081
2013-05-25 03:18:15
nvd
nvd
CVE-2013-2081
2013-05-25 03:18:15
fedora
fedora
[SECURITY] Fedora 19 Update: moodle-2.4.4-1.fc19
2013-05-29 03:03:38
[SECURITY] Fedora 17 Update: moodle-2.2.10-1.fc17
2013-05-29 01:02:13
[SECURITY] Fedora 18 Update: moodle-2.3.7-1.fc18
2013-05-29 00:59:53
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0162)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2013-8702
2013-05-31 00:00:00
Fedora Update for moodle FEDORA-2013-8692
2013-05-31 00:00:00
mageia
mageia
Updated moodle package fix security vulnerabilities
2013-06-06 16:24:33
nessus
nessus
Fedora 19 : moodle-2.4.4-1.fc19 (2013-8668)
2013-05-29 00:00:00
Fedora 18 : moodle-2.3.7-1.fc18 (2013-8702)
2013-05-29 00:00:00
Fedora 17 : moodle-2.2.10-1.fc17 (2013-8692)
2013-05-29 00:00:00