4
CVE-2012-3397
- EPSS 1.13%
- Veröffentlicht 23.07.2012 21:55:04
- Zuletzt bearbeitet 16.06.2026 23:43:08
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
http://openwall.com/lists/oss-security/2012/07/17/1
http://secunia.com/advisories/49890
http://www.securityfocus.com/bid/54481
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466
https://exchange.xforce.ibmcloud.com/vulnerabilities/76963