CVE-2012-3388

Priority
Medium
Description
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
References
Bugs
Notes
 sbeattie> debian will fix in 2.2.3.dfsg-2.2
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 15.04 (Vivid Vervet):needed
Ubuntu 15.10 (Wily Werewolf):needed
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:17:52 UTC (commit 9756)