Candidate: CVE-2012-3388
PublicDate: 2012-07-23 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3388
 http://openwall.com/lists/oss-security/2012/07/17/1
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
Description:
 The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
Ubuntu-Description:
Notes:
 sbeattie> debian will fix in 2.2.3.dfsg-2.2
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682203
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_moodle:
upstream_moodle: released (2.2.3.dfsg-2.2)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
natty_moodle: ignored (reached end-of-life)
oneiric_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)