CVE-2012-3388

{"id": "CVE-2012-3388", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-23T21:55:04.577", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2012/07/17/1", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49890", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/54481", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76955", "source": "secalert@redhat.com"}, {"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2012/07/17/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49890", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/54481", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76955", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record."}, {"lang": "es", "value": "La funci\u00f3n is_enrolled en lib/accesslib.php en Moodle v2.2.x anteriores a v2.2.4 y v2.3.x anteriores a v2.3.1 no interact\u00faa de forma adecuada con la caracter\u00edstica de cacheado, lo qe podr\u00eda permitir a usuarios remotos autenticados evitar el control de capacidad a trav\u00e9s de vectores que provocan un cacheado del registro de usuario."}], "lastModified": "2024-11-21T01:40:45.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}