CVE-2011-4592

2012-07-2010:40:36

CWE-264

redhat

web.nvd.nist.gov

cve-2011-4592

moodle

cron

ip blocking

remote attackers

security issue

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.7%

JSON

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

Affected configurations

Nvd

Node

moodlemoodleMatch2.0.0

moodlemoodleMatch2.0.1

moodlemoodleMatch2.0.2

moodlemoodleMatch2.0.3

moodlemoodleMatch2.0.4

moodlemoodleMatch2.0.5

Node

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

VendorProductVersionCPE
moodlemoodle2.0.3cpe:/a:moodle:moodle:2.0.3:::
moodlemoodle2.0.2cpe:/a:moodle:moodle:2.0.2:::
moodlemoodle2.0.5cpe:/a:moodle:moodle:2.0.5:::
moodlemoodle2.0.0cpe:/a:moodle:moodle:2.0.0:::
moodlemoodle2.0.1cpe:/a:moodle:moodle:2.0.1:::
moodlemoodle2.0.4cpe:/a:moodle:moodle:2.0.4:::

Vendor	Product	Version	CPE
moodle	moodle	2.0.3	cpe:/a:moodle:moodle:2.0.3:::
moodle	moodle	2.0.2	cpe:/a:moodle:moodle:2.0.2:::
moodle	moodle	2.0.5	cpe:/a:moodle:moodle:2.0.5:::
moodle	moodle	2.0.0	cpe:/a:moodle:moodle:2.0.0:::
moodle	moodle	2.0.1	cpe:/a:moodle:moodle:2.0.1:::
moodle	moodle	2.0.4	cpe:/a:moodle:moodle:2.0.4:::