CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.0%
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3
moodle.org/mod/forum/discuss.php?d=182736
openwall.com/lists/oss-security/2011/11/14/1
github.com/advisories/GHSA-wxvp-8q8h-r6rr
github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6
github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329
github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3
nvd.nist.gov/vuln/detail/CVE-2011-4293