Description

mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.

Remediation

References

CVE-2013-2079

Related Vulnerabilities

Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)

Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9)

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

WordPress Plugin Security & Malware scan by CleanTalk Security Bypass (2.50)

Severity

Medium

Classification

CVE-2013-2079 CWE-264

Tags

Missing Update Known Vulnerabilities