Moodle Multiple Access Permissions Security Bypass Vulnerabilities
BID:52631
Info
| Bugtraq ID: | 52631 |
| Class: | Unknown |
| CVE: | CVE-2012-1155, CVE-2012-1157, CVE-2012-1169, CVE-2012-1158, CVE-2012-1159, CVE-2012-1160, CVE-2012-1161, CVE-2012-1170, CVE-2012-1168 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Apr 13 2015 09:59PM |
| Credit: | Frederic Hoogstoel, Fabio Souto, Andrea Bicciolo, John Fitchett, Kathryn Fortin, Mark Nelson, Eloy Lafuente, Ivo Smelhaus, and Petr Skoda |
| Vulnerable: | Moodle 2.2.1, 2.1.4, 2.1.2, 2.1.1, 2.0.7, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 1.9.16, 1.9.14, 1.9.13, 1.9.12, 1.9.11, 1.9.10, 1.9.9, 1.9.8, 1.9.7, 1.9.6, 1.9.5, 1.9.4, 1.9.3, 1.9.2, 1.9.1, 2.2, 2.1.3, 2.1, 2.0.6, 2.0, 1.9.15, 1.9 |
| Not Vulnerable: | Moodle 2.2.2, 2.1.5, 2.0.8, 1.9.17 |
Discussion
Moodle is prone to multiple security-bypass vulnerabilities.
Successful attacks can allow an attacker to bypass certain security restrictions and obtain sensitive information.
The following Moodle versions are vulnerable:
- 2.2 to 2.2.1
- 2.1 to 2.1.4
- 2.0 to 2.0.7
- 1.9 to 1.9.16
Exploit / POC
An attacker can use a browser to exploit these issues.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Moodle Homepage (Moodle)
- MSA-12-0013: Database activity export permission issue (Michael de Raadt)
- MSA-12-0014: Password and Web services issue (Michael de Raadt)
- MSA-12-0016: Default repository capabilities issue (Michael de Raadt)
- MSA-12-0017: Personal information leak issue (Michael de Raadt)
- MSA-12-0018: Course information leak in Gradebook export (Michael de Raadt)
- MSA-12-0019: Overview report and hidden course issue (Michael de Raadt)
- MSA-12-0020: Forum subscription permission issue (Michael de Raadt)
- MSA-12-0021: Course information leak through tags (Michael de Raadt)
- MSA-12-0023: External enrolment plugin context check issue (Michael de Raadt)