Main Vulnerability Database Vulnerabilities #VU30615

Information disclosure in Moodle - CVE-2012-1155

Published: November 14, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30615

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1155

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

How to mitigate CVE-2012-1155

Install update from vendor's website.

Sources

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
https://access.redhat.com/security/cve/cve-2012-1155
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155
https://moodle.org/mod/forum/discuss.php?d=198621
https://security-tracker.debian.org/tracker/CVE-2012-1155

Information disclosure in Moodle - CVE-2012-1155

Detailed vulnerability description

How to mitigate CVE-2012-1155

Sources

Please verify you're human