CVE-2011-4300

EUVD-2022-3416
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
moodlemoodle
2.0.0
moodlemoodle
2.0.1
moodlemoodle
2.0.2
moodlemoodle
2.0.3
moodlemoodle
2.0.4
moodlemoodle
2.1.0
moodlemoodle
2.1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
http://moodle.org/mod/forum/discuss.php?d=188311
https://bugzilla.redhat.com/show_bug.cgi?id=747444
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
http://moodle.org/mod/forum/discuss.php?d=188311
https://bugzilla.redhat.com/show_bug.cgi?id=747444