Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4288

 


Published: July 16, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43875
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2011-4288
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.


How to mitigate CVE-2011-4288

Install the update from the vendor's website.
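
To find which installations still need the update, the version ranges given in the description can be checked against an inventory. The Python below is an added example, not code from this advisory or from Moodle; the host names and release strings are constructed, and the release-string format (a leading dotted version followed by optional text) is an assumption.

```python
import re

# First fixed release per affected branch, as stated in the advisory text.
FIXED_IN = {(1, 9): (1, 9, 12), (2, 0): (2, 0, 3)}

# Assumption: a release string starts with a dotted version, e.g. "2.0.2+ (Build: ...)".
_VERSION = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch), or None if no leading version is found."""
    m = _VERSION.match(release)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def status(release):
    """Classify a release string against the advisory's version ranges."""
    version = parse_release(release)
    if version is None:
        return "unknown"        # unparseable: needs manual review
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "not-listed"     # branch not named in this advisory
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Return hosts that need attention: affected or unparseable releases."""
    return {host: status(rel) for host, rel in inventory.items()
            if status(rel) in ("affected", "unknown")}


# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE = {
    "lms-a.example": "1.9.11+ (Build: 20110101)",
    "lms-b.example": "1.9.12",
    "lms-c.example": "2.0.2",
    "lms-d.example": "2.0.3+",
    "lms-e.example": "2.1",
    "lms-f.example": "custom build",
}

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(host, state)
```

A result of "not-listed" only means the branch is not named in this advisory; it says nothing about other issues affecting that branch.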
