CVE-2012-1170 : Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Published 2019-11-14 17:15:13

Updated 2019-11-15 15:48:22

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-1170

Probability of exploitation activity in the next 30 days: 0.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Assigned by: nvd@nist.gov (Primary)

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

[SECURITY] Fedora 17 Update: moodle-2.2.2-1.fc17
Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

[SECURITY] Fedora 17 Update: moodle-2.2.2-2.fc17
Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

[SECURITY] Fedora 16 Update: moodle-2.0.8-2.fc16
Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

[SECURITY] Fedora 15 Update: moodle-1.9.17-1.fc15
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1170

809223 – (CVE-2012-1155, CVE-2012-1156, CVE-2012-1157, CVE-2012-1158, CVE-2012-1159, CVE-2012-1160, CVE-2012-1161, CVE-2012-1168, CVE-2012-1169, CVE-2012-1170) CVE-2012-1155 CVE-2012-1156 CVE-2012-115
Issue Tracking;Patch;Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

[SECURITY] Fedora 16 Update: moodle-2.0.8-1.fc16
Third Party Advisory

CVEs referencing this url
https://moodle.org/mod/forum/discuss.php?d=198632

Moodle.org: MSA-12-0023: External enrolment plugin context check issue
Patch;Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2012-1170

CVE-2012-1170
Third Party Advisory

Moodle » Moodle
Versions before (<) 2.2.2
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 17
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 16
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 15
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Matching versions