CVE-2012-1155
Published: 14 November 2019
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+, 1.9 to 1.9.16+ are affected.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moodle Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| quantal |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| raring |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| saucy |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-25185 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |