GHSA-3rqj-jchw-9cc7

Source

https://github.com/advisories/GHSA-3rqj-jchw-9cc7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3rqj-jchw-9cc7/GHSA-3rqj-jchw-9cc7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3rqj-jchw-9cc7

Aliases

CVE-2012-2356

Published

2022-05-13T01:13:06Z

Modified

2024-01-12T16:41:44.863726Z

Summary

Moodle Authentication Bypass in Question-Bank

Details

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

Database specific

{
    "nvd_published_at": "2012-07-21T03:38:00Z",
    "cwe_ids": [
        "CWE-288"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T16:18:18Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

2.1.6

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.3