NVD

Id
10764  
Name
CVE-2011-4295  
Description
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2012-07-16  
Modified Date
2012-07-16  
Seq
2011-4295  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
60498 10764 CVE-2011-4295 http://git.moodle.org/gw?p=moodle.git;a=commit;h=d20f655d59cd486fd9b3a26ad353af13daafd1d3  View
60499 10764 CVE-2011-4295 http://moodle.org/mod/forum/discuss.php?d=182738  View
60500 10764 CVE-2011-4295 [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34844 JVNDB-2011-005086 Moodle の enrol/externallib.php における権限を取得される脆弱性 Moodle の enrol/externallib.php 内の moodle_enrol_external:role_assign 関数は、権限の付与について適切に確認しないため、権限を取得される脆弱性が存在します。 CVE-2011-4295 52202 CVE-2011-4295 10764 6.5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005086.html 2011-08-08 2012-07-18 View