Candidate: CVE-2012-6101
PublicDate: 2013-01-27 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6101
 http://www.openwall.com/lists/oss-security/2013/01/21
 https://moodle.org/security/
Description:
 Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x
 before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect
 users to arbitrary web sites and conduct phishing attacks via vectors
 related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php,
 (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5)
 tag/coursetags_add.php, or (6) user/files.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Simon Coggins
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991
upstream_moodle: released (2.4.1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (1.9.4.dfsg-0ubuntu4)
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
precise_moodle: not-affected (1.9.9.dfsg2-6)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.2-1)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
devel_moodle: not-affected (2.5.4-1ubuntu1)