Information disclosure in Moodle - CVE-2013-1829

 


Published: March 25, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU42960
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-1829
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.


How to mitigate CVE-2013-1829

Install the update from the vendor's website.
