CVE-2012-6100

Published Jan 27, 2013

Last updated 4 years ago

Overview

Description: report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References