Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
Weakness
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Moodle | Moodle | * | 2.2.2 (excluding) |
| Moodle | Ubuntu | hardy | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/145.html
- https://cwe.mitre.org/data/definitions/463.html
- https://cwe.mitre.org/data/definitions/75.html
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
- https://access.redhat.com/security/cve/cve-2012-1170
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170
- https://moodle.org/mod/forum/discuss.php?d=198632
- https://security-tracker.debian.org/tracker/CVE-2012-1170
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
- https://access.redhat.com/security/cve/cve-2012-1170
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170
- https://moodle.org/mod/forum/discuss.php?d=198632
- https://security-tracker.debian.org/tracker/CVE-2012-1170