Main Vulnerability Database Vulnerabilities #VU43895

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4308

Published: July 11, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43895

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4308

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.

How to mitigate CVE-2011-4308

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615
http://moodle.org/mod/forum/discuss.php?d=188322
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=747444

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4308

Detailed vulnerability description

How to mitigate CVE-2011-4308

Sources

Please verify you're human