PublicDate: 2006-09-23 00:07:00 UTC
Candidate: CVE-2006-4943
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4943
Description:
 course/jumpto.php in Moodle before 1.6.2 does not validate the session key
 (sesskey) before providing content from arbitrary local URIs, which allows
 remote attackers to obtain sensitive information via the jump parameter.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to:
CVSS:

upstream_moodle: released (1.6.2)
dapper_moodle: ignored (reached end-of-life)
edgy_moodle: not-affected (1.6.2-1ubuntu1.1)
feisty_moodle: not-affected (1.6.3-2ubuntu1)
gutsy_moodle: not-affected (1.8.2-1)
hardy_moodle: not-affected (1.8.2-1)
intrepid_moodle: not-affected (1.8.2-1)
jaunty_moodle: not-affected (1.8.2-1)
karmic_moodle: not-affected (1.8.2-1)
devel_moodle: not-affected (1.8.2-1)