CVE-2012-2353

2012-07-2103:38:55

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.001

Percentile

41.4%

JSON

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to “Enrolled users” under the Users Settings section.

Affected configurations

Nvd

Node

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

moodlemoodleMatch2.1.3

moodlemoodleMatch2.1.4

moodlemoodleMatch2.1.5

Node

moodlemoodleMatch2.2.0

moodlemoodleMatch2.2.1

moodlemoodleMatch2.2.2

VendorProductVersionCPE
moodlemoodle2.1.0cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
moodlemoodle2.1.1cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
moodlemoodle2.1.2cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
moodlemoodle2.1.3cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
moodlemoodle2.1.4cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
moodlemoodle2.1.5cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
moodlemoodle2.2.0cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
moodlemoodle2.2.1cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
moodlemoodle2.2.2cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	2.1.0	cpe:2.3:a:moodle:moodle:2.1.0:::::::*
moodle	moodle	2.1.1	cpe:2.3:a:moodle:moodle:2.1.1:::::::*
moodle	moodle	2.1.2	cpe:2.3:a:moodle:moodle:2.1.2:::::::*
moodle	moodle	2.1.3	cpe:2.3:a:moodle:moodle:2.1.3:::::::*
moodle	moodle	2.1.4	cpe:2.3:a:moodle:moodle:2.1.4:::::::*
moodle	moodle	2.1.5	cpe:2.3:a:moodle:moodle:2.1.5:::::::*
moodle	moodle	2.2.0	cpe:2.3:a:moodle:moodle:2.2.0:::::::*
moodle	moodle	2.2.1	cpe:2.3:a:moodle:moodle:2.2.1:::::::*
moodle	moodle	2.2.2	cpe:2.3:a:moodle:moodle:2.2.2:::::::*