Vulnerability Name: CVE-2012-4407 (CCN-78678)
Assigned: 2012-09-17
Published: 2012-09-17
Updated: 2020-12-01
Summary: lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
  4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
  6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE Type: CNA CVE-2012-4407
  Source: CONFIRM Type: Patch http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
  Source: CCN Type: Moodle Web Site Moodle
  Source: CCN Type: MSA-12-0053 Blog file access issue
  Source: CONFIRM Type: Vendor Advisory http://moodle.org/mod/forum/discuss.php?d=211557
  Source: MLIST Type: UNKNOWN [oss-security] 20120917 Moodle security notifications public
  Source: CCN Type: SA50588 Moodle Multiple Vulnerabilities
  Source: CCN Type: BID-55565 Moodle Multiple Security Vulnerabilities
  Source: XF Type: UNKNOWN moodle-filelib-security-bypass(78678)
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable