VulnerableCode Vulnerability Details - VCID-fk37-49yf-rug8

Search for vulnerabilities

Vulnerability details: VCID-fk37-49yf-rug8

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-fk37-49yf-rug8
Aliases	CVE-2013-1835 GHSA-cc94-hwj3-rf65
Summary	Moodle's login_as feature leaks information from external repositories Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
generic_textual	LOW	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
generic_textual	LOW	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
generic_textual	LOW	http://openwall.com/lists/oss-security/2013/03/25/2
epss	0.00306	https://api.first.org/data/v1/epss?cve=CVE-2013-1835
epss	0.00306	https://api.first.org/data/v1/epss?cve=CVE-2013-1835
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-cc94-hwj3-rf65
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379
generic_textual	LOW	https://github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722
generic_textual	LOW	https://github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=225347
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2013-1835

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
		http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
		http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
		http://openwall.com/lists/oss-security/2013/03/25/2
		https://api.first.org/data/v1/epss?cve=CVE-2013-1835
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379
		https://github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722
		https://github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea
		https://moodle.org/mod/forum/discuss.php?d=225347
		https://nvd.nist.gov/vuln/detail/CVE-2013-1835
GHSA-cc94-hwj3-rf65		https://github.com/advisories/GHSA-cc94-hwj3-rf65

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.53311
EPSS Score	0.00306
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:07.689796+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cc94-hwj3-rf65/GHSA-cc94-hwj3-rf65.json	36.1.3