Vulnerability Description
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 2.2.0 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
- http://openwall.com/lists/oss-security/2013/05/21/1
- https://moodle.org/mod/forum/discuss.php?d=228931Vendor Advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
- http://openwall.com/lists/oss-security/2013/05/21/1
- https://moodle.org/mod/forum/discuss.php?d=228931Vendor Advisory
FAQ
What is CVE-2013-2080?
CVE-2013-2080 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obta...
How severe is CVE-2013-2080?
CVE-2013-2080 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2080?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.