CVE-2012-1168

moderate-risk

Published 2019-11-14

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

Do I need to act?

2.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Moodle

Fedora

Enterprise Linux

Redhat Moodle Fedoraproject

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

Broken Link https://access.redhat.com/security/cve/cve-2012-1168

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1168

Vendor Advisory https://moodle.org/mod/forum/discuss.php?d=198622

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2012-1168