| Vulnerability Name: | CVE-2012-6102 (CCN-81445) | ||||||||||||
| Assigned: | 2012-12-06 | ||||||||||||
| Published: | 2013-01-15 | ||||||||||||
| Updated: | 2020-12-01 | ||||||||||||
| Summary: | lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N) 5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-6102 Source: CONFIRM Type: UNKNOWN http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244 Source: MLIST Type: UNKNOWN [oss-security] 20130121 Moodle security notifications public Source: CCN Type: SA51842 Moodle Multiple Vulnerabilities Source: CCN Type: BID-60053 Moodle CVE-2012-6102 Information Disclosure Vulnerability Source: XF Type: UNKNOWN moodle-comments-lib-security-bypass(81445) Source: CCN Type: Moodle Web Site Moodle Source: CCN Type: MSA-13-0006 Potential information leak in Assignment module Source: CONFIRM Type: Vendor Advisory https://moodle.org/mod/forum/discuss.php?d=220163 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||