CVE Vulnerabilities

CVE-2012-2354

Published: Jul 21, 2012 | Modified: Dec 01, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the Recent conversations feature with a modified parameter in a URL.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.1.0 2.1.0
Moodle Moodle 2.1.1 2.1.1
Moodle Moodle 2.1.2 2.1.2
Moodle Moodle 2.1.3 2.1.3
Moodle Moodle 2.1.4 2.1.4
Moodle Moodle 2.1.5 2.1.5
Moodle Ubuntu artful *
Moodle Ubuntu hardy *
Moodle Ubuntu quantal *
Moodle Ubuntu raring *
Moodle Ubuntu saucy *
Moodle Ubuntu upstream *
Moodle Ubuntu utopic *
Moodle Ubuntu vivid *
Moodle Ubuntu wily *
Moodle Ubuntu yakkety *
Moodle Ubuntu zesty *

References