CVE Vulnerabilities

CVE-2011-4584

Published: Jul 20, 2012 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 1.9.1 (including) 1.9.1 (including)
Moodle Moodle 1.9.2 (including) 1.9.2 (including)
Moodle Moodle 1.9.3 (including) 1.9.3 (including)
Moodle Moodle 1.9.4 (including) 1.9.4 (including)
Moodle Moodle 1.9.5 (including) 1.9.5 (including)
Moodle Moodle 1.9.6 (including) 1.9.6 (including)
Moodle Moodle 1.9.7 (including) 1.9.7 (including)
Moodle Moodle 1.9.8 (including) 1.9.8 (including)
Moodle Moodle 1.9.9 (including) 1.9.9 (including)
Moodle Moodle 1.9.10 (including) 1.9.10 (including)
Moodle Moodle 1.9.11 (including) 1.9.11 (including)
Moodle Moodle 1.9.12 (including) 1.9.12 (including)
Moodle Moodle 1.9.13 (including) 1.9.13 (including)
Moodle Moodle 1.9.14 (including) 1.9.14 (including)
Moodle Moodle 2.0.0 (including) 2.0.0 (including)
Moodle Moodle 2.0.1 (including) 2.0.1 (including)
Moodle Moodle 2.0.2 (including) 2.0.2 (including)
Moodle Moodle 2.0.3 (including) 2.0.3 (including)
Moodle Moodle 2.0.4 (including) 2.0.4 (including)
Moodle Moodle 2.0.5 (including) 2.0.5 (including)
Moodle Moodle 2.1.0 (including) 2.1.0 (including)
Moodle Moodle 2.1.1 (including) 2.1.1 (including)
Moodle Moodle 2.1.2 (including) 2.1.2 (including)
Moodle Ubuntu hardy *
Moodle Ubuntu lucid *
Moodle Ubuntu maverick *
Moodle Ubuntu natty *
Moodle Ubuntu oneiric *

References