Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4300

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4300
Last Modified 11 Jul 2012 12:00:00
Published 11 Jul 2012 06:26:10
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4300

Summary

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.1

  • Moodle 2.1.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=747444

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=188311

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00


Last Updated: 27 May 2016 10:49:38