Candidate: CVE-2012-6102
PublicDate: 2013-01-27 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6102
 http://www.openwall.com/lists/oss-security/2013/01/21
 https://moodle.org/security/
Description:
 lib.php in the Submission comments plugin in the Assignment module in
 Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to
 read or modify the submission comments (aka feedback comments) of arbitrary
 users via a crafted URI.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Dan Poltawski
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244
upstream_moodle: released (2.4.1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (1.9.4.dfsg-0ubuntu4)
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
precise_moodle: not-affected (1.9.9.dfsg2-6)
quantal_moodle: not-affected (2.2.3.dfsg-2.3)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.2-1)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
devel_moodle: not-affected (2.5.4-1ubuntu1)