Fedora EPEL 5 update for moodle

Published: 2013-01-23 | Updated: 2025-04-24

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2012-6098 CVE-2012-6100
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Fedora Operating systems & Components / Operating system moodle Operating systems & Components / Operating system package or component
Vendor	Fedoraproject

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43143

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-6098

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to manipulate data.

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 5

moodle: before 1.9.19-5.el5

CPE2.3

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2013-0171

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43145