CVE-2011-4279 Information

Description

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine as demonstrated by the search functionality of Google Yahoo! Wrensoft Zoom MSN Yandex and AltaVista.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=81b58cc227cf96a1cd2e002cc210b7b3e376fd17 http://moodle.org/mod/forum/discuss.php?d=170004 http://openwall.com/lists/oss-security/2011/11/14/1