Vulnerability CVE-2012-6099

Vulnerability Name:

CVE-2012-6099 (CCN-81752)

Assigned:

2012-12-06

Published:

2013-01-21

Updated:

2020-12-01

Summary:

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2012-6099

Source: CONFIRM
Type: UNKNOWN
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977

Source: MLIST
Type: UNKNOWN
[oss-security] 20130121 Moodle security notifications public

Source: CCN
Type: BID-57627
Moodle 'lib.php' Arbitrary File Disclosure Vulnerability

Source: XF
Type: UNKNOWN
moodle-backup-converter-info-disc(81752)

Source: CCN
Type: MSA-13-0003
Potential server file access through backup restoration

Source: CONFIRM
Type: Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=220160

Vulnerable Configuration:

Configuration 1:

cpe:/a:moodle:moodle:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.9:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:moodle:moodle:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.2.6:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:moodle:moodle:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:moodle:moodle:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:2.1.1:*:*:*:*:*:*:*