CVE-2009-4298: Infoleak
First published: Wed Dec 16 2009(Updated: )
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =1.9.4 | |
| Moodle | =1.9.1 | |
| Moodle | =1.8.8 | |
| Moodle | =1.9.6 | |
| Moodle | =1.8.2 | |
| Moodle | =1.9.2 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.10 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.5 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://www.vupen.com/english/advisories/2009/3455
- http://www.securityfocus.com/bid/37244
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- http://moodle.org/mod/forum/discuss.php?d=139102
Frequently Asked Questions
What is the severity of CVE-2009-4298?
CVE-2009-4298 carries a medium severity rating as it allows attackers to access sensitive user information.
How do I fix CVE-2009-4298?
To fix CVE-2009-4298, users should upgrade to Moodle version 1.8.11 or 1.9.7 or later.
Which Moodle versions are affected by CVE-2009-4298?
CVE-2009-4298 affects Moodle versions 1.8 before 1.8.11 and 1.9 before 1.9.7.
What type of information can be obtained through CVE-2009-4298?
CVE-2009-4298 allows attackers to obtain user account information such as usernames and personal names stored in the user table.
Is there a known workaround for CVE-2009-4298?
There is no known workaround for CVE-2009-4298 other than updating to the recommended patched versions.
- agent/softwarecombine
- agent/type
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/moodle
- canonical/moodle
- version/moodle/1.9.4
- version/moodle/1.9.1
- version/moodle/1.8.8
- version/moodle/1.9.6
- version/moodle/1.8.2
- version/moodle/1.9.2
- version/moodle/1.8.5
- version/moodle/1.8.3
- version/moodle/1.8.9
- version/moodle/1.8.7
- version/moodle/1.8.10
- version/moodle/1.9.3
- version/moodle/1.9.5
- version/moodle/1.8.4
- version/moodle/1.8.1