Candidate: CVE-2012-2354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2354
http://www.openwall.com/lists/oss-security/2012/05/23/2
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote
authenticated users to bypass the moodle/site:readallmessages capability
requirement and read arbitrary messages by using the "Recent conversations"
feature with a modified parameter in a URL.
jdstrand> moodle 2.1 and higher
Discovered-by: Juan Aburto
upstream: http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec
upstream_moodle: needs-triage
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: needs-triage
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: needs-triage
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: needs-triage
bionic_moodle: needs-triage
devel_moodle: needs-triage