Vulnerability Details : CVE-2013-1829
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Vulnerability category: Information leak
Products affected by CVE-2013-1829
- cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1829
- 0.12%: Probability of exploitation activity in the next 30 days
- ~46%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1829
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1829
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1829
- https://moodle.org/mod/forum/discuss.php?d=225339
  Moodle.org: MSA-13-0011: Calendar subscription capability issue (Vendor Advisory)
- http://openwall.com/lists/oss-security/2013/03/25/2
  oss-security - Moodle security notifications public
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
  Official Moodle git projects - moodle.git/search (Patch)