Moodle default permissions too permissive · CVE-2012-1157 · GitHub Advisory Database · GitHub

Moodle default permissions too permissive

Moderate severity GitHub Reviewed Published Apr 23, 2022 to the GitHub Advisory Database • Updated Dec 29, 2023

Package

moodle/moodle (Composer)

Affected versions

>= 2.2, <= 2.2.1

>= 2.1, <= 2.1.4

>= 2.0, <= 2.0.7

< 1.9.17

Patched versions

2.2.2

2.1.5

2.0.8

1.9.17

Description

Moodle before 2.2.2 default settings allowed all repositories to be viewable by all authenticated users.

References

Published by the National Vulnerability Database

Nov 14, 2019

Published to the GitHub Advisory Database Apr 23, 2022

Reviewed Dec 29, 2023

Last updated Dec 29, 2023

Severity

Moderate

4.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N