CVE-2013-1835: Moodle's login_as feature leaks information from external repositories
CVSS Score: 3.5

Basic Information
CVE ID: CVE-2013-1835
GHSA ID:
EPSS Score: 0.53365%
CWE:
Published: 5/13/2022
Updated: 1/23/2024
KEV Status: No
Technology: PHP

Technical Details
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
moodle/moodle | composer | >= 2.0.0, < 2.2.8 | 2.2.8 |
moodle/moodle | composer | >= 2.3.0, < 2.3.5 | 2.3.5 |
moodle/moodle | composer | >= 2.4.0, < 2.4.2 | 2.4.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from insufficient access control in the repository's check_capability method. The patch adds checks for session_is_loggedinas() (whether the current session is an administrator impersonating another user via 'login_as') and for repository context privacy (via contains_private_data()). In vulnerable versions, check_capability only verified the basic capability permission; it did not consider impersonation or whether the repository instance holds private data, so an administrator using the 'login_as' feature could reach the impersonated user's external repositories. The addition of these two checks in the fix commit confirms check_capability as the vulnerable entry point.