GHSA-72gv-qqrp-h9qg

Source

https://github.com/advisories/GHSA-72gv-qqrp-h9qg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-72gv-qqrp-h9qg/GHSA-72gv-qqrp-h9qg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-72gv-qqrp-h9qg

Aliases

CVE-2012-0797

Published

2022-05-13T01:13:04Z

Modified

2024-01-12T16:41:44.713947Z

Summary

Moodle Users Can Bypass Deleted Status

Details

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

Database specific

{
    "nvd_published_at": "2012-07-17T10:20:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T16:10:49Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.1

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

2.1.4

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0

Fixed

2.0.7