Home > Vulnerability Database > CVE-2013-2082

Mend.io Vulnerability Database

CVE-2013-2082

Good to know:

Date: May 24, 2013

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

Language: PHP

Severity Score

5.3

Related Resources (15)

Url: https://github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

Url: https://github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-2082

Url: https://github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc

Url: https://github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7

Url: http://openwall.com/lists/oss-security/2013/05/21/1

Url: http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

Url: https://github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417

Url: https://github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3

Url: https://github.com/moodle/moodle

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245

Url: https://moodle.org/mod/forum/discuss.php?d=228934

Url: https://www.mend.io/vulnerability-database/CVE-2013-2082

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version v2.2.10,v2.3.7,v2.4.4,v2.5.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-2082

Good to know:

Date: May 24, 2013

Language: PHP

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?