Bug 1034655 (CVE-2013-4524) - CVE-2013-4524 moodle: directory traversal vulnerability in repository/filesystem/lib.php
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-4524
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1034659 1034660
Blocks:
Reported: 2013-11-26 09:43 UTC by Ratul Gupta
Modified: 2019-09-29 13:10 UTC

Fixed In Version: moodle 2.3.10, moodle 2.4.7, moodle 2.5.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 15:37:33 UTC
Embargoed:



Description Ratul Gupta 2013-11-26 09:43:20 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4524 to the following vulnerability:

Name: CVE-2013-4524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4524
Assigned: 20130612
Reference: http://openwall.com/lists/oss-security/2013/11/25/1
Reference: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807
Reference: https://moodle.org/mod/forum/discuss.php?d=244481

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

Comment 1 Ratul Gupta 2013-11-26 09:57:27 UTC
Created moodle tracking bugs for this issue:

Affects: fedora-all [bug 1034659]
Affects: epel-all [bug 1034660]

Comment 3 Bojan Jovanovic 2015-03-12 13:42:37 UTC
Recommended for closing. Currently only EPEL 6 has moodle 2.6.8. In Fedora repos, moodle is 2.5.9 for f20 and 2.7.5 for f21.

