| Title | Moodle における任意の site-wide リポジトリを読まれる脆弱性 |
|---|---|
| Summary | Moodle は、WebDAV リポジトリの特権を適切に管理しないため、任意の site-wide リポジトリを読まれる、改ざんされる、または削除される脆弱性が存在します。 |
| Possible impacts | リモート認証されたユーザにより、特定の読み取りアクセスを利用されることで、任意の site-wide リポジトリを読まれる、改ざんされる、または削除される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | March 25, 2013, midnight |
| Registration Date | March 27, 2013, 4:48 p.m. |
| Last Update | Dec. 19, 2013, 7:08 p.m. |
| CVSS2.0 : 警告 | |
| Score | 6.5 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Moodle |
| Moodle 2.2.8 未満の 2.2.x |
| Moodle 2.3.5 未満の 2.3.x |
| Moodle 2.4.2 未満の 2.4.x |
| Moodle 2.x から 2.1.10 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2013年03月27日] 掲載 [2013年12月19日] ベンダ情報:Debian (703870) を追加 ベンダ情報:Fedora Project (FEDORA-2013-4387) を追加 ベンダ情報:Fedora Project (FEDORA-2013-4404) を追加 ベンダ情報:レッドハット (Bug 927264) を追加 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. |
|---|---|
| Publication Date | March 26, 2013, 6:55 a.m. |
| Registration Date | Jan. 26, 2021, 3:37 p.m. |
| Last Update | Nov. 21, 2024, 10:50 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* | |||||