Main Vulnerability Database Vulnerabilities #VU43901

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4300

Published: July 11, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43901

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4300

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

How to mitigate CVE-2011-4300

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
http://moodle.org/mod/forum/discuss.php?d=188311
https://bugzilla.redhat.com/show_bug.cgi?id=747444

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4300

Detailed vulnerability description

How to mitigate CVE-2011-4300

Sources

Please verify you're human