Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3388

Опубликовано: 23 июл. 2012
Источник: nvd
CVSS2: 4
EPSS Низкий

Описание

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00269
Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-3388

ubuntu
почти 13 лет назад

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.

debian логотип

CVE-2012-3388

debian
почти 13 лет назад

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2 ...

github логотип

GHSA-mxp2-wcjh-jf72

github
около 3 лет назад

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.

EPSS

Процентиль: 50%
0.00269
Низкий

4 Medium

CVSS2

Дефекты

CWE-264