Main Vulnerability Database Vulnerabilities #VU42702

Information disclosure in Moodle - CVE-2013-2243

Published: July 29, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42702

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-2243

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.

How to mitigate CVE-2013-2243

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546
https://moodle.org/mod/forum/discuss.php?d=232500

Information disclosure in Moodle - CVE-2013-2243

Detailed vulnerability description

How to mitigate CVE-2013-2243

Sources

Please verify you're human