GHSA-72gv-qqrp-h9qg

Suggest an improvement
Source
https://github.com/advisories/GHSA-72gv-qqrp-h9qg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-72gv-qqrp-h9qg/GHSA-72gv-qqrp-h9qg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-72gv-qqrp-h9qg
Aliases
  • CVE-2012-0797
Published
2022-05-13T01:13:04Z
Modified
2024-01-12T16:26:50.245968Z
Summary
Moodle Users Can Bypass Deleted Status
Details

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

Database specific
{
    "nvd_published_at": "2012-07-17T10:20:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T16:10:49Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2
Fixed
2.2.1

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
2.1.4

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0
Fixed
2.0.7