Vulnerability Description
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
CVSS Score
4.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.9.1 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615
- http://moodle.org/mod/forum/discuss.php?d=188322Vendor Advisory
- http://www.debian.org/security/2012/dsa-2421
- https://bugzilla.redhat.com/show_bug.cgi?id=747444
- http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615
- http://moodle.org/mod/forum/discuss.php?d=188322Vendor Advisory
- http://www.debian.org/security/2012/dsa-2421
- https://bugzilla.redhat.com/show_bug.cgi?id=747444
FAQ
What is CVE-2011-4308?
CVE-2011-4308 is a vulnerability with a CVSS score of 4.0 (MEDIUM). mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
How severe is CVE-2011-4308?
CVE-2011-4308 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4308?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.