Permissions, Privileges, and Access Controls in Moodle - CVE-2012-2359

 

Published: July 21, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43810
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-2359
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
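To review a site for overrides that match the pattern described above, the following added example (not code from the advisory or from Moodle) lists "allow" overrides outside the system context that were set by a user who holds the overridden role in that same context. It assumes the default `mdl_` table prefix and Moodle's `role_capabilities`, `role_assignments` and `context` tables; the schema is cut down to the columns used, and all rows and ids are constructed.

```python
import sqlite3

CONTEXT_SYSTEM = 10   # Moodle context level of the site-wide (system) context
CAP_ALLOW = 1         # Moodle permission value meaning "allow"

# Heuristic: an ALLOW override below system level whose modifier is a member
# of the very role being overridden, in the same context.
AUDIT_SQL = """
SELECT rc.modifierid, rc.roleid, rc.contextid, rc.capability
FROM mdl_role_capabilities rc
JOIN mdl_context ctx ON ctx.id = rc.contextid
JOIN mdl_role_assignments ra
  ON ra.userid = rc.modifierid
 AND ra.roleid = rc.roleid
 AND ra.contextid = rc.contextid
WHERE ctx.contextlevel <> ?
  AND rc.permission = ?
ORDER BY rc.timemodified
"""

def build_sample_db():
    """In-memory database with constructed rows (not real site data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
    CREATE TABLE mdl_context (id INTEGER, contextlevel INTEGER);
    CREATE TABLE mdl_role_assignments (roleid INTEGER, contextid INTEGER, userid INTEGER);
    CREATE TABLE mdl_role_capabilities (contextid INTEGER, roleid INTEGER,
        capability TEXT, permission INTEGER, timemodified INTEGER, modifierid INTEGER);
    -- context 1 = system (level 10), context 20 = a course (level 50)
    INSERT INTO mdl_context VALUES (1, 10), (20, 50);
    -- user 101 holds role 3 in the course, user 102 holds role 5
    INSERT INTO mdl_role_assignments VALUES (3, 20, 101), (5, 20, 102);
    INSERT INTO mdl_role_capabilities VALUES
      (1,  3, 'moodle/backup:backupcourse', 1, 1000, 2),    -- admin, system level
      (20, 3, 'moodle/backup:userinfo',     1, 2000, 101),  -- set by a role member
      (20, 5, 'mod/forum:replypost',       -1, 3000, 2);    -- admin, a prohibition
    """)
    return db

def self_granted_overrides(db):
    """Return (modifierid, roleid, contextid, capability) rows to review."""
    return db.execute(AUDIT_SQL, (CONTEXT_SYSTEM, CAP_ALLOW)).fetchall()

if __name__ == "__main__":
    for row in self_granted_overrides(build_sample_db()):
        print("review override:", row)
```

The `AUDIT_SQL` query can be run read-only against a copy of the site database; a hit is a prompt for review, since the heuristic does not distinguish overrides the user was entitled to make.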


How to mitigate CVE-2012-2359

Install the update from the vendor's website.
