Main Vulnerability Database Vulnerabilities #VU43834

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4584

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43834

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4584

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to manipulate data.

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

How to mitigate CVE-2011-4584

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b
http://moodle.org/mod/forum/discuss.php?d=191751
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4584

Detailed vulnerability description

How to mitigate CVE-2011-4584

Sources

Please verify you're human