Candidate: CVE-2012-3390
PublicDate: 2012-07-23 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3390
 http://openwall.com/lists/oss-security/2012/07/17/1
 http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d
Description:
 lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does
 not properly restrict file access after a block has been hidden, which
 allows remote authenticated users to obtain sensitive information by
 reading a file that is embedded in a block.
Ubuntu-Description:
Notes:
 sbeattie> debian tracker lists bug 682203 for this issue, but it's not
   covered by the upload that closed that bug report
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682203
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d
upstream_moodle: released (2.2.3.dfsg-1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (2.x only)
natty_moodle: not-affected (2.x only)
oneiric_moodle: not-affected (2.x only)
precise_moodle: not-affected (2.x only)
precise/esm_moodle: DNE (precise was not-affected [2.x only])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)