CVE Vulnerabilities

CVE-2013-2079

Published: May 25, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users assignments by leveraging the student role.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.3.0 (including) 2.3.0 (including)
Moodle Moodle 2.3.1 (including) 2.3.1 (including)
Moodle Moodle 2.3.2 (including) 2.3.2 (including)
Moodle Moodle 2.3.3 (including) 2.3.3 (including)
Moodle Moodle 2.3.4 (including) 2.3.4 (including)
Moodle Moodle 2.3.5 (including) 2.3.5 (including)
Moodle Moodle 2.3.6 (including) 2.3.6 (including)
Moodle Ubuntu upstream *

References