Lucene search
Ubuntu.comUB:CVE-2012-3388HistoryJul 23, 2012 - 12:00 a.m.
CVE-2012-3388
2012-07-2300:00:00
ubuntu.com
ubuntu.com
10
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
0.004
Percentile
72.7%
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
Bugs
Notes
| Author | Note |
|---|---|
| sbeattie | debian will fix in 2.2.3.dfsg-2.2 |
Related
cvelist
cvelist
CVE-2012-3388
2012-07-23 21:00:00
cve
cve
CVE-2012-3388
2012-07-23 21:55:04
veracode
veracode
Capability Check Bypass
2017-06-01 05:04:13
prion
prion
Design/Logic Flaw
2012-07-23 21:55:00
nvd
nvd
CVE-2012-3388
2012-07-23 21:55:04
nessus
nessus
Moodle 2.3.x < 2.3.1 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.2.x < 2.2.4 Multiple Vulnerabilities
2016-07-21 00:00:00
Fedora 16 : moodle-2.0.10-1.fc16 (2012-11028)
2012-08-02 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2012-11028
2012-08-03 00:00:00
Fedora Update for moodle FEDORA-2012-11039
2012-08-30 00:00:00
Fedora Update for moodle FEDORA-2012-11028
2012-08-03 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: moodle-2.2.4-1.fc17
2012-08-01 22:28:41
[SECURITY] Fedora 16 Update: moodle-2.0.10-1.fc16
2012-08-01 22:27:44
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
0.004
Percentile
72.7%
Related for UB:CVE-2012-3388