Candidate: CVE-2012-2359
PublicDate: 2012-07-21 03:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2359
 http://www.openwall.com/lists/oss-security/2012/05/23/2
Description:
 admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6,
 and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges
 by leveraging the teacher role and modifying their own capabilities, as
 demonstrated by obtaining the backup:userinfo capability.
Ubuntu-Description:
Notes:
 jdstrand> moodle 2.0 and higher
Bugs:
Priority: medium
Discovered-by: Jozas Nhial
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git;a=commit;h=0f75e1e6272db0303abc8e27362e5c3a1344b82f
upstream_moodle: released (2.2.3.dfsg-1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)