Main Vulnerability Database Vulnerabilities #VU42704

Improper Authentication in Moodle - CVE-2013-2245

Published: July 29, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42704

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-2245

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

How to mitigate CVE-2013-2245

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818
https://moodle.org/mod/forum/discuss.php?d=232502

Improper Authentication in Moodle - CVE-2013-2245

Detailed vulnerability description

How to mitigate CVE-2013-2245

Sources

Please verify you're human