Security Advisory

CVE-2012-3388

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-23 21:00:00
Last updated 2024-08-06 20:05:12
Assigner redhat
State PUBLISHED

Description

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.