CVE-2012-3388
Moodle 2.2.x < 2.2.4 and 2.3.x < 2.3.1 - Authenticated Capability Check Bypass via Caching
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
References (5)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/76955
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49890
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2012/07/17/1
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/54481
Scores
EPSS: 0.0020
EPSS Percentile: 41.6%
Details
CWE: CWE-264
Status: published
Products (5)
moodle/moodle 2.2.0
moodle/moodle 2.2.1
moodle/moodle 2.2.2
moodle/moodle 2.2.3
moodle/moodle 2.3.0
Published: Jul 23, 2012
Tracked Since: Feb 18, 2026