CVE Vulnerabilities

CVE-2012-6098

Published: Jan 27, 2013 | Modified: Dec 01, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 1.9.4 1.9.4
Moodle Moodle 1.9.17 1.9.17
Moodle Moodle 1.9.1 1.9.1
Moodle Moodle 1.9.6 1.9.6
Moodle Moodle 1.9.9 1.9.9
Moodle Moodle 1.9.11 1.9.11
Moodle Moodle 1.9.2 1.9.2
Moodle Moodle 1.9.12 1.9.12
Moodle Moodle 1.9.18 1.9.18
Moodle Moodle 1.9.10 1.9.10
Moodle Moodle 1.9.16 1.9.16
Moodle Moodle 1.9.3 1.9.3
Moodle Moodle 1.9.13 1.9.13
Moodle Moodle 1.9.5 1.9.5
Moodle Moodle 1.9.14 1.9.14
Moodle Moodle 1.9.15 1.9.15
Moodle Moodle 1.9.8 1.9.8
Moodle Moodle 1.9.7 1.9.7

References