CVE-2011-4288 - Vulnerability Details - OpenCVE

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.9.7:::::::*
	cpe:2.3:a:moodle:moodle:1.9.8:::::::*
	cpe:2.3:a:moodle:moodle:1.9.9:::::::*
	cpe:2.3:a:moodle:moodle:1.9.10:::::::*
	cpe:2.3:a:moodle:moodle:1.9.11:::::::*
	cpe:2.3:a:moodle:moodle:2.0.0:::::::*
	cpe:2.3:a:moodle:moodle:2.0.1:::::::*
	cpe:2.3:a:moodle:moodle:2.0.2:::::::*

No data.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6
http://moodle.org/mod/forum/discuss.php?d=175590
http://openwall.com/lists/oss-security/2011/11/14/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-16T10:00:00

Updated: 2024-08-07T00:01:51.584Z

Reserved: 2011-11-04T00:00:00

Link: CVE-2011-4288

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-07-16T10:28:36.783

Modified: 2024-11-21T01:32:08.970

Link: CVE-2011-4288

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "F87F6707-99AB-478A-909D-1D87298D5514", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "4BCE8B26-58BB-471C-B291-E6AE22B96C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "768CE5AF-955B-4148-998A-A46BBDBA618B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "4283440F-9B21-4CE9-81FF-79DF3DEDCEE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD248A1D-CACC-4E76-925A-078B736442AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B8A0403-0869-495F-B7C0-13A387549C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "39791F43-CF89-485B-AA8B-634C282BB025", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role."}, {"lang": "es", "value": "Moodle v1.9.x anterior a v1.9.12 y v2.0.x anterior a v2.0.3 no aplica correctamente las asociaciones entre los profesores y los grupos, lo que permite a usuarios remotos autenticados leer los informes de examen de los estudiantes arbitrarios mediante el aprovechamiento de la funci\u00f3n docente."}], "id": "CVE-2011-4288", "lastModified": "2024-11-21T01:32:08.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-16T10:28:36.783", "references": [{"source": "secalert@redhat.com", "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://moodle.org/mod/forum/discuss.php?d=175590"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/11/14/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://moodle.org/mod/forum/discuss.php?d=175590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/11/14/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}