Main Vulnerability Database Vulnerabilities #VU43833

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4583

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43833

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4583

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

How to mitigate CVE-2011-4583

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1
http://moodle.org/mod/forum/discuss.php?d=191750
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4583

Detailed vulnerability description

How to mitigate CVE-2011-4583

Sources

Please verify you're human