Home > Vulnerability Database > CVE-2013-2081

Mend.io Vulnerability Database

CVE-2013-2081

Date: May 24, 2013

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

Language: PHP

Severity Score

3.7

Related Resources (19)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

Url: https://github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

Url: https://github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-2081

Url: https://github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0

Url: https://github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0

Url: https://github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1

Url: http://openwall.com/lists/oss-security/2013/05/21/1

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822

Url: https://github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7

Url: https://github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f

Url: https://github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7

Url: https://moodle.org/mod/forum/discuss.php?d=228933

Url: https://github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113

Url: https://www.mend.io/vulnerability-database/CVE-2013-2081

Severity Score

3.7

Weakness Type (CWE)

Improper Access Control

CWE-284

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-2081

Date: May 24, 2013

Language: PHP

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?