CVE-2012-1155

moderate-risk

Published 2019-11-14

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (6)

Moodle

Fedora

Enterprise Linux

Debian Linux

Affected Vendors

Debian Redhat Moodle Fedoraproject

References (18)

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

Broken Link https://access.redhat.com/security/cve/cve-2012-1155

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1155

Patch https://moodle.org/mod/forum/discuss.php?d=198621

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2012-1155