PT-2019-6739 · Moodle · Moodle

Andrea Bicciolo · Published 2019-11-14 · Updated 2022-04-23 · CVE-2012-1157

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Moodle versions prior to 2.2.2

Description

The issue concerns default repository settings, where all repositories are viewable by all authenticated users due to a default capabilities issue. This allows unauthorized access to repository content.

Recommendations

For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to repositories by adjusting the default settings to limit visibility to authorized users only.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2012-1157
GHSA-2X36-7XFM-PGM7

Affected Products

Moodle