CVE-2011-4592
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 - IP Blocking Bypass via Cron Configuration
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.
References (3)
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=761248
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=ade30ad3c420ce035a3d68287db701b70e806b3f
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=191761
Scores
EPSS: 0.0016
EPSS Percentile: 36.6%
Details
CWE: CWE-264
Status: published
Products (9)
moodle/moodle 2.0.0
moodle/moodle 2.0.1
moodle/moodle 2.0.2
moodle/moodle 2.0.3
moodle/moodle 2.0.4
moodle/moodle 2.0.5
moodle/moodle 2.1.0
moodle/moodle 2.1.1
moodle/moodle 2.1.2
Published: Jul 20, 2012
Tracked Since: Feb 18, 2026