Main Vulnerability Database Vulnerabilities #VU43896

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4309

Published: July 11, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43896

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4309

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

How to mitigate CVE-2011-4309

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7
http://moodle.org/mod/forum/discuss.php?d=188323
https://bugzilla.redhat.com/show_bug.cgi?id=747444

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4309

Detailed vulnerability description

How to mitigate CVE-2011-4309

Sources

Please verify you're human