4
CVE-2012-3388
- EPSS 1.13%
- Veröffentlicht 23.07.2012 21:55:04
- Zuletzt bearbeitet 16.06.2026 23:43:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
http://openwall.com/lists/oss-security/2012/07/17/1
http://secunia.com/advisories/49890
http://www.securityfocus.com/bid/54481
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
https://exchange.xforce.ibmcloud.com/vulnerabilities/76955