CVE-2012-3388

Priority
Medium
Description
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
References
Bugs
Notes
 sbeattie> debian will fix in 2.2.3.dfsg-2.2
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
More Information

Updated: 2018-04-28 06:14:46 UTC (commit 14638)