CVE-2012-0792: Infoleak
First published: Fri Jan 20 2012(Updated: )
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =1.9.1 | |
| Moodle | =1.9.2 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.4 | |
| Moodle | =1.9.5 | |
| Moodle | =1.9.6 | |
| Moodle | =1.9.7 | |
| Moodle | =1.9.8 | |
| Moodle | =1.9.9 | |
| Moodle | =1.9.10 | |
| Moodle | =1.9.11 | |
| Moodle | =1.9.12 | |
| Moodle | =1.9.13 | |
| Moodle | =1.9.14 | |
| Moodle | =1.9.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=36b0ddeed45d0751508dcd9fa50f17fda43bae54
- http://moodle.org/mod/forum/discuss.php?d=194009
- http://www.debian.org/security/2012/dsa-2421
- https://bugzilla.redhat.com/show_bug.cgi?id=783532
- http://docs.moodle.org/dev/Moodle_2.2.1_release_notes
- http://docs.moodle.org/dev/Moodle_2.1.4_release_notes
- http://docs.moodle.org/dev/Moodle_2.0.7_release_notes
- http://docs.moodle.org/dev/Moodle_1.9.16_release_notes
- http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=b608b227bac4efba76da43dabe9bc2e32fb8fa32
- http://moodle.org/mod/forum/discuss.php?d=194008
- http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=36b0ddeed45d0751508dcd9fa50f17fda43bae54
- http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=aa30d3e8ce0dd41d3d0f7dae856beb180fed1f83
- http://moodle.org/mod/forum/discuss.php?d=194011
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5
- http://moodle.org/mod/forum/discuss.php?d=194012
- http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=98456628a24bba25d336860d38a45b5a4e3895da
- http://moodle.org/mod/forum/discuss.php?d=194013
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572
- http://moodle.org/mod/forum/discuss.php?d=194014
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9
- http://moodle.org/mod/forum/discuss.php?d=194015
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
- http://moodle.org/mod/forum/discuss.php?d=194016
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29469
- http://moodle.org/mod/forum/discuss.php?d=194017
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27334
- http://moodle.org/mod/forum/discuss.php?d=194018
- http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=6e9989dbd3f261b2e1586ff77b0bf22fc7091485
- http://moodle.org/mod/forum/discuss.php?d=194019
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48
- http://moodle.org/mod/forum/discuss.php?d=194020
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783533
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=783534
- https://access.redhat.com/security/cve/CVE-2012-0792
- https://access.redhat.com/security/cve/CVE-2012-0793
- https://access.redhat.com/security/cve/CVE-2012-0794
- https://access.redhat.com/security/cve/CVE-2012-0795
- https://access.redhat.com/security/cve/CVE-2012-0796
- https://access.redhat.com/security/cve/CVE-2012-0797
- https://access.redhat.com/security/cve/CVE-2012-0798
- https://access.redhat.com/security/cve/CVE-2012-0799
- https://access.redhat.com/security/cve/CVE-2012-0800
- https://access.redhat.com/security/cve/CVE-2012-0801
Frequently Asked Questions
What is the severity of CVE-2012-0792?
CVE-2012-0792 is classified as a medium severity vulnerability due to the potential unauthorized access to user details.
How do I fix CVE-2012-0792?
To fix CVE-2012-0792, upgrade your Moodle installation to version 1.9.16 or later.
Which versions of Moodle are affected by CVE-2012-0792?
CVE-2012-0792 affects all Moodle versions from 1.9.1 to 1.9.15.
What type of vulnerability is CVE-2012-0792?
CVE-2012-0792 is a security vulnerability that allows authenticated users to obtain information about arbitrary user accounts.
Can CVE-2012-0792 lead to data exposure?
Yes, CVE-2012-0792 can lead to the exposure of user names and details through unauthorized queries.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0792
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moodle
- canonical/moodle
- version/moodle/1.9.1
- version/moodle/1.9.2
- version/moodle/1.9.3
- version/moodle/1.9.4
- version/moodle/1.9.5
- version/moodle/1.9.6
- version/moodle/1.9.7
- version/moodle/1.9.8
- version/moodle/1.9.9
- version/moodle/1.9.10
- version/moodle/1.9.11
- version/moodle/1.9.12
- version/moodle/1.9.13
- version/moodle/1.9.14
- version/moodle/1.9.15