Main Vulnerability Database Vulnerabilities #VU43833

#VU43833 Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4583

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43833

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4583

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote #AU# to read and manipulate data.

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

Remediation

Install update from vendor's website.

External links

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1
http://moodle.org/mod/forum/discuss.php?d=191750
https://bugzilla.redhat.com/show_bug.cgi?id=761248