CVE-2009-4299
First published: Wed Dec 16 2009(Updated: )
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =1.9.4 | |
| Moodle | =1.9.1 | |
| Moodle | =1.8.8 | |
| Moodle | =1.9.6 | |
| Moodle | =1.8.2 | |
| Moodle | =1.9.2 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.10 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.5 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- http://www.securityfocus.com/bid/37244
- http://www.vupen.com/english/advisories/2009/3455
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://moodle.org/mod/forum/discuss.php?d=139103
Frequently Asked Questions
What is the severity of CVE-2009-4299?
CVE-2009-4299 is considered a medium severity vulnerability due to improper access control allowing unauthorized access to Glossary entries.
How do I fix CVE-2009-4299?
To fix CVE-2009-4299, upgrade Moodle to version 1.8.11 or 1.9.7 or later to properly enforce access controls.
Which versions of Moodle are affected by CVE-2009-4299?
CVE-2009-4299 affects Moodle versions 1.8 before 1.8.11 and 1.9 before 1.9.7.
What can attackers do with the CVE-2009-4299 vulnerability?
Attackers exploiting CVE-2009-4299 can read unauthorized Glossary entries without proper permissions.
Is there a workaround for CVE-2009-4299?
There is no known workaround for CVE-2009-4299; the only mitigation is to upgrade to a patched version.
- agent/type
- agent/softwarecombine
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/moodle
- canonical/moodle
- version/moodle/1.9.4
- version/moodle/1.9.1
- version/moodle/1.8.8
- version/moodle/1.9.6
- version/moodle/1.8.2
- version/moodle/1.9.2
- version/moodle/1.8.5
- version/moodle/1.8.3
- version/moodle/1.8.9
- version/moodle/1.8.7
- version/moodle/1.8.10
- version/moodle/1.9.3
- version/moodle/1.9.5
- version/moodle/1.8.4
- version/moodle/1.8.1