GHSA-9p54-pc88-36c4

Source
https://github.com/advisories/GHSA-9p54-pc88-36c4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9p54-pc88-36c4/GHSA-9p54-pc88-36c4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9p54-pc88-36c4
Aliases
  • CVE-2011-4300
Published
2022-05-13T01:13:15Z
Modified
2024-01-17T16:26:38.293613Z
Summary
Moodle does not properly restrict access to category and course data
Details

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

Database specific
{
    "nvd_published_at": "2012-07-11T10:26:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-17T15:51:20Z"
}

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
2.1.2

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.5