Description

The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.

Remediation

References

CVE-2011-4304

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3221)

Apache HTTP Server Other Vulnerability (CVE-2006-5752)

WordPress Plugin Booking Calendar Cross-Site Scripting (7.1)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-3664)

WordPress Plugin Asgaros Forum Multiple Vulnerabilities (1.15.14)

Severity

Medium

Classification

CVE-2011-4304 CWE-200

Tags

Missing Update Known Vulnerabilities