GHSA-mr97-gvvg-rhgh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mr97-gvvg-rhgh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mr97-gvvg-rhgh/GHSA-mr97-gvvg-rhgh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mr97-gvvg-rhgh
- Aliases
-
- CVE-2012-2353
- Published
- 2022-05-13T01:13:06Z
- Modified
- 2024-01-12T16:41:44.787872Z
- Summary
- Moodle Exposes Sensitive User Information
- Details
-
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
- Database specific
{ "nvd_published_at": "2012-07-21T03:38:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-12T16:20:31Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-2353
- https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
- https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a
- https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6
- https://github.com/moodle/moodle
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
- http://openwall.com/lists/oss-security/2012/05/23/2
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle