Permissions, Privileges, and Access Controls in Moodle - CVE-2012-3388

 


Published: July 24, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43788
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-3388
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.


How to mitigate CVE-2012-3388

Install the update from the vendor's website. The issue is fixed in Moodle 2.2.4 and 2.3.1.
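
To confirm whether an installation still needs the update, the following added example (not part of the original advisory or of Moodle's own code) reads the release string from the contents of Moodle's version.php and compares it with the affected ranges stated above. The function names and sample strings are constructed for illustration, and the `$release = '...';` line format is an assumption about the file layout.

```python
import re

# Affected ranges as stated in the advisory:
# 2.2.x before 2.2.4 and 2.3.x before 2.3.1.
FIXED_PATCH = {(2, 2): 4, (2, 3): 1}

# Assumed format of the release line in version.php, e.g.
#   $release  = '2.2.3+ (Build: 20120621)';
# Anchoring at line start skips commented-out assignments.
RELEASE_RE = re.compile(
    r"""^\s*\$release\s*=\s*['"]\s*(\d+)\.(\d+)(?:\.(\d+))?""", re.M
)


def parse_release(version_php_text):
    """Return (major, minor, patch) from version.php contents, or None."""
    m = RELEASE_RE.search(version_php_text)
    if not m:
        return None
    major, minor, patch = m.groups()
    # A release written as "2.3" has no patch component; treat it as 2.3.0.
    return int(major), int(minor), int(patch or 0)


def is_affected(version_php_text):
    """True or False for a readable release, None if it cannot be read.

    Weekly "+" builds are judged by their base release, so "2.2.3+"
    is reported as affected (conservative assumption).
    """
    release = parse_release(version_php_text)
    if release is None:
        return None
    fixed = FIXED_PATCH.get(release[:2])
    # Branches not listed in the advisory are reported as not affected.
    return fixed is not None and release[2] < fixed


if __name__ == "__main__":
    # Constructed sample release lines, not taken from real installations.
    samples = [
        "$release  = '2.2.3+ (Build: 20120621)';",
        "$release  = '2.2.4 (Build: 20120706)';",
        "$release  = '2.3 (Build: 20120625)';",
        "$release  = '2.3.1 (Build: 20120706)';",
    ]
    for line in samples:
        print(parse_release(line), "affected:", is_affected(line))
```
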
