CVE-2012-6103 - Vulnerability Details

Vendors	Products
Moodle	Moodle

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600
http://openwall.com/lists/oss-security/2013/01/21/1
https://moodle.org/mod/forum/discuss.php?d=220164

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-27T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=220164"}, {"name": "[oss-security] 20130121 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600", "refsource": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600"}, {"name": "https://moodle.org/mod/forum/discuss.php?d=220164", "refsource": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=220164"}, {"name": "[oss-security] 20130121 Moodle security notifications public", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:28:38.734Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=220164"}, {"name": "[oss-security] 20130121 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6103", "datePublished": "2013-01-27T22:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-09-17T04:04:56.901Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-01-27T22:00:00Z (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

}

2 : { »

name : [oss-security] 20130121 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2012-6103 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

refsource : CONFIRM (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

}

1 : { »

name : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

refsource : CONFIRM (string)

url : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

}

2 : { »

name : [oss-security] 20130121 Moodle security notifications public (string)

refsource : MLIST (string)

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T21:28:38.734Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

}

2 : { »

name : [oss-security] 20130121 Moodle security notifications public (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2012-6103 (string)

datePublished : 2013-01-27T22:00:00Z (string)

dateReserved : 2012-12-06T00:00:00Z (string)

dateUpdated : 2024-09-17T04:04:56.901Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages."}, {"lang": "es", "value": "Multiple vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados de user/messageselect.php en el sistema de mensajer\u00eda de Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y v2.4.x antes de permitir a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para las solicitudes que env\u00edan mensajes de los cursos."}], "id": "CVE-2012-6103", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-01-27T22:55:03.930", "references": [{"source": "secalert@redhat.com", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=220164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2013/01/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=220164"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 15A73CE2-73DA-4274-89E0-DD9A413ED17F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 39075F6E-2925-4897-B1DE-C86A066DF54B (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 179DBC2B-B35F-4A19-B522-DF996D5E13E4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : FA527724-B44E-46B6-BA53-A83B012EA376 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 31A8CAEA-CCCF-4678-B61E-0FFE439890DB (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 25F99A03-DD94-4380-8E6B-C95D3A57D6EF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BFD575CF-2AF2-443F-841D-F7E25FBD455A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC2A1954-E30F-40EC-BA59-40D29573E7D6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 25EA194F-BE9D-49A8-AA35-FC7810C06643 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C3888D8-8219-4DE4-8E6C-84F58AFD3B15 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8E52813-E056-4A5C-8BF5-4DD5EF5BF041 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. (string)

}

1 : { »

lang : es (string)

value : Multiple vulnerabilidad de falsificación de petición en sitios cruzados de user/messageselect.php en el sistema de mensajería de Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y v2.4.x antes de permitir a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para las solicitudes que envían mensajes de los cursos. (string)

}

]

id : CVE-2012-6103 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2013-01-27T22:55:03.930 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://openwall.com/lists/oss-security/2013/01/21/1 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=220164 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object