Vulnerability Description
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.9.2 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8
- http://moodle.org/mod/forum/discuss.php?d=175590Vendor Advisory
- http://openwall.com/lists/oss-security/2011/11/14/1
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8
- http://moodle.org/mod/forum/discuss.php?d=175590Vendor Advisory
- http://openwall.com/lists/oss-security/2011/11/14/1
FAQ
What is CVE-2011-4288?
CVE-2011-4288 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary studen...
How severe is CVE-2011-4288?
CVE-2011-4288 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4288?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.