Vulnerability Description
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 2.0.0 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e
- http://moodle.org/mod/forum/discuss.php?d=188311Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=747444Patch
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e
- http://moodle.org/mod/forum/discuss.php?d=188311Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=747444Patch
FAQ
What is CVE-2011-4300?
CVE-2011-4300 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensit...
How severe is CVE-2011-4300?
CVE-2011-4300 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4300?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.