Description

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.

Remediation

References

CVE-2012-3388

Related Vulnerabilities

WordPress Plugin YARPP-Yet Another Related Posts PHP Object Injection (4.4)

silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6789)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9402)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7537)

axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749)

Severity

Medium

Classification

CVE-2012-3388 CWE-264

Tags

Missing Update Known Vulnerabilities