CVE-2013-1836: Moodle does not properly manage privileges for WebDAV repositories
(updated )
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
- openwall.com/lists/oss-security/2013/03/25/2
- github.com/advisories/GHSA-664q-mrxx-2x2v
- github.com/moodle/moodle/commit/173a201f90941604ae1811a1b79089be4d78707c
- github.com/moodle/moodle/commit/67c858414acb6564cd11f27adb9ffc75e9c8ba7f
- github.com/moodle/moodle/commit/ac5fc5953426befb1232106ade9e42ff239d9b63
- github.com/moodle/moodle/commit/c512e94e7c972c2ef398d49283edbbdc0cfe8ea1
- github.com/moodle/moodle/commit/cb69d2584a0fda3f72cbb6974b155287bc6fcbab
- github.com/moodle/moodle/commit/d5a3a922679f9314ffdc7e4769d78e920e588457
- github.com/moodle/moodle/commit/e1be68f296addf57e80222e8a697931b0870c816
- moodle.org/mod/forum/discuss.php?d=225348
- nvd.nist.gov/vuln/detail/CVE-2013-1836
Code Behaviors & Features
Detect and mitigate CVE-2013-1836 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →