GoogleOSV:GHSA-WXVP-8Q8H-R6RRMoodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
References
git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3
moodle.org/mod/forum/discuss.php?d=182736
openwall.com/lists/oss-security/2011/11/14/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6
github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329
github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3
nvd.nist.gov/vuln/detail/CVE-2011-4293
Related
