CVE-2012-1155Sensitive Information Exposure in Moodle

CWE-200Sensitive Information Exposure5 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.3%
top 20.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MoodleDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedNov 14
Latest updateApr 23

Description

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDmoodle/moodle1.91.9.17+3
CVEListV5moodle/moodle4 versions+3

Also affects: Debian Linux 6.0, Fedora 15, 16, 17, Enterprise Linux 6.0

Patches

Patch: bugzilla.redhat.comPatch: moodle.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

1
GHSA
GHSA-x2p9-f5fv-m7m7: Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from g2022-04-23

💬Community

3
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
CVE-2012-1155 — Sensitive Information Exposure | cvebase