Description

lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.

Remediation

References

CVE-2012-3397

Related Vulnerabilities

YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092)

WordPress Plugin Booking.com Product Helper Cross-Site Scripting (1.0.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9025)

Severity

Medium

Classification

CVE-2012-3397 CWE-264

Tags

Missing Update Known Vulnerabilities