CVE Vulnerabilities

CVE-2011-4584

Published: Jul 20, 2012 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.0.2 2.0.2
Moodle Moodle 1.9.4 1.9.4
Moodle Moodle 1.9.1 1.9.1
Moodle Moodle 1.9.6 1.9.6
Moodle Moodle 1.9.9 1.9.9
Moodle Moodle 2.0.1 2.0.1
Moodle Moodle 1.9.11 1.9.11
Moodle Moodle 2.1.2 2.1.2
Moodle Moodle 2.0.4 2.0.4
Moodle Moodle 1.9.2 1.9.2
Moodle Moodle 1.9.12 1.9.12
Moodle Moodle 1.9.10 1.9.10
Moodle Moodle 2.0.3 2.0.3
Moodle Moodle 2.1.1 2.1.1
Moodle Moodle 1.9.3 1.9.3
Moodle Moodle 2.0.5 2.0.5
Moodle Moodle 1.9.13 1.9.13
Moodle Moodle 1.9.5 1.9.5
Moodle Moodle 1.9.14 1.9.14
Moodle Moodle 1.9.8 1.9.8
Moodle Moodle 1.9.7 1.9.7
Moodle Moodle 2.0.0 2.0.0
Moodle Moodle 2.1.0 2.1.0

References