CVE-2012-1155
Publication date 14 November 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+, 1.9 to 1.9.16+ are affected.
Status
Package | Ubuntu Release | Status |
---|---|---|
moodle | ||
Patch details
Package | Patch details |
---|---|
moodle |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |