CVE-2012-2356 in Ubuntu

CVE-2012-2356

Priority

Low

Description

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x
before 2.2.3 allows remote authenticated users to bypass intended
capability requirements and save questions via a save_question action.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2356
http://www.openwall.com/lists/oss-security/2012/05/23/2

Notes

jdstrand> moodle 2.1 and higher

Package

Source: moodle (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 11.10 (Oneiric Ocelot):	not-affected
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (1.9.9.dfsg2-6)
Ubuntu 12.10 (Quantal Quetzal):	needs-triage
Ubuntu 13.04 (Raring Ringtail):	needs-triage

Patches:

Upstream:

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2013-04-25 17:14:54 UTC (commit 6757)