CVE-2012-3388
Priority
Medium
Description
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
and 2.3.x before 2.3.1 does not properly interact with the caching feature,
which might allow remote authenticated users to bypass an intended
capability check via unspecified vectors that trigger caching of a user
record.
References
Notes
sbeattie> debian will fix in 2.2.3.dfsg-2.2
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needs-triage |
| Ubuntu 12.10 (Quantal Quetzal): | needed |
| Ubuntu 13.04 (Raring Ringtail): | needed |
| Ubuntu 13.10 (Saucy Salamander): | needed |