Bug 1021099 - (CVE-2016-5012) VUL-0: CVE-2016-5012: moodle: glossary search displays entries without checking userpermissions to view them
(CVE-2016-5012)
VUL-0: CVE-2016-5012: moodle: glossary search displays entries without checki...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Lars Vogdt
Security Team bot
https://smash.suse.de/issue/178942/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-20 12:35 UTC by Andreas Stieger
Modified: 2017-10-18 08:00 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-20 12:35:41 UTC
In Moodle 3.x, glossary search displays entries without checking user
permissions to view them.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5012
https://moodle.org/mod/forum/discuss.php?d=336697
Comment 2 Swamp Workflow Management 2017-01-20 23:00:39 UTC
bugbot adjusting priority
Comment 3 Lars Vogdt 2017-10-18 08:00:37 UTC
Updated moodle3_1 to 3.1.8.
Updated moodle3_2 to 3.2.5.
Updated moodle3_3 to 3.3.2.

=> closing as fixed.