Miggo Logo

CVE-2013-1835: Moodle's login_as feature leaks information from external repositories

3.5

CVSS Score

Basic Information

EPSS Score
0.53365%
Published
5/13/2022
Updated
1/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
AV:N/AC:M/Au:S/C:P/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 2.0.0, < 2.2.82.2.8
moodle/moodlecomposer>= 2.3.0, < 2.3.52.3.5
moodle/moodlecomposer>= 2.4.0, < 2.4.22.4.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient access control in the check_capability method. The patch adds critical checks for session_is_loggedinas() and repository context privacy (via contains_private_data()). In vulnerable versions, this function only checked basic capability permissions without considering impersonation scenarios or repository privacy context, enabling unauthorized access to external repositories when using the 'login_as' feature. The addition of these checks in the commit confirms this was the vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Moo*l* *.x t*rou** *.*.**, *.*.x ***or* *.*.*, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *llows r*mot* *ut**nti**t** **ministr*tors to o*t*in s*nsitiv* in*orm*tion *rom t** *xt*rn*l r*positori*s o* *r*itr*ry us*rs *y l*v*r**in* t** lo*in_*s ***tur*.

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt ****ss *ontrol in t** ****k_**p**ility m*t*o*. T** p*t** ***s *riti**l ****ks *or s*ssion_is_lo****in*s() *n* r*pository *ont*xt priv**y (vi* *ont*ins_priv*t*_**t*()). In vuln*r**l* v*rsions, t*is *un*tion on