Main Vulnerability Database Vulnerabilities #VU43858

Permissions, Privileges, and Access Controls in Moodle - CVE-2012-0793

Published: July 17, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43858

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-0793

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

How to mitigate CVE-2012-0793

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5
http://moodle.org/mod/forum/discuss.php?d=194012
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=783532

Permissions, Privileges, and Access Controls in Moodle - CVE-2012-0793

Detailed vulnerability description

How to mitigate CVE-2012-0793

Sources

Please verify you're human