VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4ays-sgtv-2ugg

Essentials
Severities (37)
References (19)
Severity details (35)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4ays-sgtv-2ugg
Aliases	CVE-2012-1156 GHSA-358r-g2xw-7c83
Summary	Moodle backs up private files Moodle before 2.2.2, 2.1.5, and 2.0.8 had users' private files included in course backups unnecessarily.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-532	Insertion of Sensitive Information into Log File
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
generic_textual	HIGH	http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
cvssv3.1	7.5	http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
generic_textual	HIGH	http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
cvssv3.1	7.5	http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
generic_textual	HIGH	http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
cvssv3.1	7.5	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
generic_textual	HIGH	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
cvssv3.1	7.5	https://access.redhat.com/security/cve/cve-2012-1156
generic_textual	HIGH	https://access.redhat.com/security/cve/cve-2012-1156
epss	0.01229	https://api.first.org/data/v1/epss?cve=CVE-2012-1156
epss	0.01229	https://api.first.org/data/v1/epss?cve=CVE-2012-1156
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-358r-g2xw-7c83
cvssv3.1	7.5	https://github.com/moodle/moodle
generic_textual	HIGH	https://github.com/moodle/moodle
cvssv3.1	7.5	https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
generic_textual	HIGH	https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
cvssv3.1	7.5	https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
generic_textual	HIGH	https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
cvssv3.1	7.5	https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
generic_textual	HIGH	https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
cvssv3.1	7.5	https://moodle.org/mod/forum/discuss.php?d=198623
generic_textual	HIGH	https://moodle.org/mod/forum/discuss.php?d=198623
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2012-1156
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2012-1156
cvssv3.1	7.5	https://security-tracker.debian.org/tracker/CVE-2012-1156
generic_textual	HIGH	https://security-tracker.debian.org/tracker/CVE-2012-1156

Reference id	Reference type	URL
		http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
		http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
		http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
		http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
		http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
		http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
		http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
		http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
		https://access.redhat.com/security/cve/cve-2012-1156
		https://api.first.org/data/v1/epss?cve=CVE-2012-1156
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
		https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
		https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
		https://moodle.org/mod/forum/discuss.php?d=198623
		https://nvd.nist.gov/vuln/detail/CVE-2012-1156
		https://security-tracker.debian.org/tracker/CVE-2012-1156
GHSA-358r-g2xw-7c83		https://github.com/advisories/GHSA-358r-g2xw-7c83

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://docs.moodle.org/dev/Moodle_2.0.8_release_notes

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://docs.moodle.org/dev/Moodle_2.1.5_release_notes

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://docs.moodle.org/dev/Moodle_2.2.2_release_notes

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/cve-2012-1156

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=198623

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-1156

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security-tracker.debian.org/tracker/CVE-2012-1156

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.78215
EPSS Score	0.01229
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:23:00.145536+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-358r-g2xw-7c83/GHSA-358r-g2xw-7c83.json	36.1.3