CVE Vulnerabilities

CVE-2012-3391

Published: Jul 23, 2012 | Modified: Dec 01, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.2.2 2.2.2
Moodle Moodle 2.1.2 2.1.2
Moodle Moodle 2.1.1 2.1.1
Moodle Moodle 2.1.5 2.1.5
Moodle Moodle 2.1.6 2.1.6
Moodle Moodle 2.1.3 2.1.3
Moodle Moodle 2.2.1 2.2.1
Moodle Moodle 2.2.3 2.2.3
Moodle Moodle 2.1.4 2.1.4
Moodle Moodle 2.1.0 2.1.0
Moodle Moodle 2.2.0 2.2.0

References