CVE-2012-3388

Priority
Medium
Description
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
References
Bugs
Notes
sbeattie> debian will fix in 2.2.3.dfsg-2.2
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 12.10 (Quantal Quetzal):needed
Ubuntu 13.10 (Saucy Salamander):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
More Information

Valid XHTML 1.0 Strict

Updated: 2014-04-18 13:16:09 UTC (commit 7949)