CVE-2013-2242
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
29/07/2013
Last modified:
11/04/2025
Description
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page