Vulnerability Details CVE-2012-3388
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v2 Score 4.0
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
- http://openwall.com/lists/oss-security/2012/07/17/1
- http://secunia.com/advisories/49890
- http://www.securityfocus.com/bid/54481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76955
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
- http://openwall.com/lists/oss-security/2012/07/17/1
- http://secunia.com/advisories/49890
- http://www.securityfocus.com/bid/54481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76955
Products affected by CVE-2012-3388
-
cpe:2.3:a:moodle:moodle:2.2.0
-
cpe:2.3:a:moodle:moodle:2.2.1
-
cpe:2.3:a:moodle:moodle:2.2.2
-
cpe:2.3:a:moodle:moodle:2.2.3
-
cpe:2.3:a:moodle:moodle:2.3.0