Main Vulnerability Database Vulnerabilities #VU43819

Information disclosure in Moodle - CVE-2012-2353

Published: July 21, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43819

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2012-2353

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

How to mitigate CVE-2012-2353

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
http://openwall.com/lists/oss-security/2012/05/23/2

Information disclosure in Moodle - CVE-2012-2353

Detailed vulnerability description

How to mitigate CVE-2012-2353

Sources

Please verify you're human