VIR Vulnerability Intelligence Relay

CVE-2011-4289

medium
Published 2012-07-16 · Modified 2025-04-12
CVSS v3
CVSS v2
4.0
VIR risk
4.0

Description

Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://moodle.org/mod/forum/discuss.php?d=175591

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle>=2.0.0,<2.0.32.0.3

Application impact
VendorProductVersionsFixed
moodlemoodle2.0.0
moodlemoodle2.0.1
moodlemoodle2.0.2

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.