CVE-2012-6100 - Vulnerability Details

Vendors	Products
Moodle	Moodle

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340
http://openwall.com/lists/oss-security/2013/01/21/1
https://moodle.org/mod/forum/discuss.php?d=220161

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-01-27T22:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=220161"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340"}, {"name": "[oss-security] 20130121 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:28:38.695Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=220161"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340"}, {"name": "[oss-security] 20130121 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6100", "state": "PUBLISHED", "dateReserved": "2012-12-06T00:00:00Z", "datePublished": "2013-01-27T22:00:00Z", "dateUpdated": "2024-08-06T21:28:38.695Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

dateUpdated : 2013-01-27T22:00:00Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220161 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 (string)

}

2 : { »

name : [oss-security] 20130121 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T21:28:38.695Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220161 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 (string)

}

2 : { »

name : [oss-security] 20130121 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2012-6100 (string)

state : PUBLISHED (string)

dateReserved : 2012-12-06T00:00:00Z (string)

datePublished : 2013-01-27T22:00:00Z (string)

dateUpdated : 2024-08-06T21:28:38.695Z (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report."}, {"lang": "es", "value": "report/outline/index.php en Moodle v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 o se aplican correctamente el requisito \"moodle/user:viewhiddendetails capability\", lo que permite a atacantes remotos autentificados descubrir un valor oculto \"lastaccess\" a trav\u00e9s de la lectura del reporte de actividad."}], "id": "CVE-2012-6100", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-27T22:55:03.727", "references": [{"source": "secalert@redhat.com", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=220161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=220161"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 15A73CE2-73DA-4274-89E0-DD9A413ED17F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 39075F6E-2925-4897-B1DE-C86A066DF54B (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 179DBC2B-B35F-4A19-B522-DF996D5E13E4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : FA527724-B44E-46B6-BA53-A83B012EA376 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 31A8CAEA-CCCF-4678-B61E-0FFE439890DB (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 25F99A03-DD94-4380-8E6B-C95D3A57D6EF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BFD575CF-2AF2-443F-841D-F7E25FBD455A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC2A1954-E30F-40EC-BA59-40D29573E7D6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 25EA194F-BE9D-49A8-AA35-FC7810C06643 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C3888D8-8219-4DE4-8E6C-84F58AFD3B15 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8E52813-E056-4A5C-8BF5-4DD5EF5BF041 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. (string)

}

1 : { »

lang : es (string)

value : report/outline/index.php en Moodle v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 o se aplican correctamente el requisito "moodle/user:viewhiddendetails capability", lo que permite a atacantes remotos autentificados descubrir un valor oculto "lastaccess" a través de la lectura del reporte de actividad. (string)

}

]

id : CVE-2012-6100 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-01-27T22:55:03.727 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220161 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220161 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object