Lucene search

RedhatCVE-2012-6098

HistoryJan 27, 2013 - 10:55 p.m.

CVE-2012-6098

2013-01-2722:55:03

CWE-264

redhat

web.nvd.nist.gov

cve-2012-6098

moodle

grade/edit/outcome/edit_form.php

security vulnerability

nvd

remote authenticated users

capability requirement

teacher role

re-editing feature

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

46.6%

JSON

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.

Affected configurations

Nvd

Node

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

moodlemoodleMatch1.9.7

moodlemoodleMatch1.9.8

moodlemoodleMatch1.9.9

moodlemoodleMatch1.9.10

moodlemoodleMatch1.9.11

moodlemoodleMatch1.9.12

moodlemoodleMatch1.9.13

moodlemoodleMatch1.9.14

moodlemoodleMatch1.9.15

moodlemoodleMatch1.9.16

moodlemoodleMatch1.9.17

moodlemoodleMatch1.9.18

Node

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

moodlemoodleMatch2.1.3

moodlemoodleMatch2.1.4

moodlemoodleMatch2.1.5

moodlemoodleMatch2.1.6

moodlemoodleMatch2.1.7

moodlemoodleMatch2.1.8

moodlemoodleMatch2.1.9

Node

moodlemoodleMatch2.2.0

moodlemoodleMatch2.2.1

moodlemoodleMatch2.2.2

moodlemoodleMatch2.2.3

moodlemoodleMatch2.2.4

moodlemoodleMatch2.2.5

moodlemoodleMatch2.2.6

Node

moodlemoodleMatch2.3.0

moodlemoodleMatch2.3.1

moodlemoodleMatch2.3.2

moodlemoodleMatch2.3.3

Node

moodlemoodleMatch2.4.0

VendorProductVersionCPE
moodlemoodle1.9.1cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
moodlemoodle1.9.2cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
moodlemoodle1.9.3cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
moodlemoodle1.9.4cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
moodlemoodle1.9.5cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
moodlemoodle1.9.6cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
moodlemoodle1.9.7cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
moodlemoodle1.9.8cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
moodlemoodle1.9.9cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
moodlemoodle1.9.10cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.9.1	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
moodle	moodle	1.9.2	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
moodle	moodle	1.9.3	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
moodle	moodle	1.9.4	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
moodle	moodle	1.9.5	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
moodle	moodle	1.9.6	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
moodle	moodle	1.9.7	cpe:2.3:a:moodle:moodle:1.9.7:::::::*
moodle	moodle	1.9.8	cpe:2.3:a:moodle:moodle:1.9.8:::::::*
moodle	moodle	1.9.9	cpe:2.3:a:moodle:moodle:1.9.9:::::::*
moodle	moodle	1.9.10	cpe:2.3:a:moodle:moodle:1.9.10:::::::*