CVE-2013-1836 Information

Description

Moodle 2.x through 2.1.10 2.2.x before 2.2.8 2.3.x before 2.3.5 and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories which allows remote authenticated users to read modify or delete arbitrary site-wide repositories by leveraging certain read access.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225348