Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3388

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-3388
Last Modified 09 Aug 2012 12:00:00
Published 23 Jul 2012 05:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-3388

Summary

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.

Vulnerable Systems

Application

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.3


References

MLIST - [oss-security] 20120717 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916


Last Updated: 27 May 2016 10:54:57