
CVE-2021-32472: Moodle Exposure of Sensitive Information to an Unauthorized Actor

CVSS Score (v3.1): 4.3

Basic Information

EPSS Score: 0.5903%
Published: 3/12/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Package Name    Ecosystem   Vulnerable Versions     First Patched Version
moodle/moodle   composer    >= 3.8.0, < 3.8.9       3.8.9
moodle/moodle   composer    >= 3.9.0, < 3.9.7       3.9.7
moodle/moodle   composer    >= 3.10.0, < 3.10.4     3.10.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from a missing authorization check in the forum CSV export. Key indicators:

  1. CWE-862 (Missing Authorization) points to a failure to validate course-specific permissions before the export is produced.
  2. The export functionality would logically reside in dedicated export handlers (this analysis assumes mod/forum/classes/external/export.php) and in the core forum libraries.
  3. Moodle's architecture relies on capability checks bound to a context; the absence of a context-aware check on the export path (e.g. require_capability('mod/forum:exportforum', $context), with $context being the exported forum's module context) would explain cross-course access.
  4. The patch versions' release notes and the tracker reference (MDL-71359) suggest authorization logic was added to the export workflow.

Exact pre-patch code is not available here, but Moodle's modular structure and the vulnerability pattern strongly implicate the core forum export functions.
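The following is an added illustration of the pattern described above, written in Moodle idiom. It is not Moodle's own mod/forum/export.php and not the MDL-71359 fix; the file location, the request parameters (id, userids) and both query shapes are assumptions made for the example. The capability name mod/forum:exportforum, the context/capability API calls and the forum_posts.discussion and forum_discussions.forum columns are real Moodle identifiers. Note that a missing capability check alone does not produce rows from other courses: the export's data selection must also be unscoped, so the example shows both the context-bound check and a query pinned to the authorised forum, with a regression check before anything is streamed.

```php
<?php
// Added illustrative example for this advisory. It is NOT Moodle's mod/forum/export.php
// and NOT the MDL-71359 patch; it sketches the pattern the root-cause analysis
// describes in Moodle idiom. Assumed: a forum page that receives a forum id ("id")
// and an optional list of author ids ("userids") and streams matching posts as CSV.
require_once(__DIR__ . '/../../config.php');          // Moodle bootstrap: $CFG, $DB, $USER.
require_once($CFG->libdir . '/csvlib.class.php');     // csv_export_writer.

$forumid = required_param('id', PARAM_INT);
$userids = optional_param_array('userids', [], PARAM_INT);

$cm      = get_coursemodule_from_instance('forum', $forumid, 0, false, MUST_EXIST);
$course  = $DB->get_record('course', ['id' => $cm->course], '*', MUST_EXIST);
$context = context_module::instance($cm->id);

require_login($course, false, $cm);
// The capability must be checked in THIS forum's module context. Checking it in the
// system context, or in some course context the caller happens to teach in, says
// nothing about the forum actually being exported.
require_capability('mod/forum:exportforum', $context);

/**
 * Vulnerable shape (hypothetical, for contrast): the post query is never tied to the
 * forum that was authorised above. With an empty user filter it returns every post on
 * the site; with a filter it returns those users' posts from every forum in every
 * course. That is the "CSV of forums from all courses" outcome.
 */
function export_posts_unrestricted(moodle_database $db, array $userids): array {
    $sql = "SELECT p.* FROM {forum_posts} p";
    $params = [];
    if (!empty($userids)) {
        [$insql, $params] = $db->get_in_or_equal($userids, SQL_PARAMS_NAMED);
        $sql .= " WHERE p.userid $insql";
    }
    return $db->get_records_sql($sql, $params);
}

/**
 * Hardened shape: the forum id that passed the capability check is a mandatory
 * predicate of the query, joined through forum_posts.discussion -> forum_discussions.forum.
 * The user filter can only narrow that set, never widen it.
 */
function export_posts_for_forum(moodle_database $db, int $forumid, array $userids): array {
    $sql = "SELECT p.*
              FROM {forum_posts} p
              JOIN {forum_discussions} d ON d.id = p.discussion
             WHERE d.forum = :forumid";
    $params = ['forumid' => $forumid];
    if (!empty($userids)) {
        [$insql, $inparams] = $db->get_in_or_equal($userids, SQL_PARAMS_NAMED, 'uid');
        $sql .= " AND p.userid $insql";
        $params += $inparams;
    }
    return $db->get_records_sql($sql, $params);
}

$posts = export_posts_for_forum($DB, $forumid, $userids);

// Defence in depth / regression check: before streaming, refuse any row whose
// discussion does not belong to the authorised forum. With a correct query this is a
// no-op; a later query change that drops the forum predicate trips it immediately.
$discussionids = $DB->get_fieldset_select('forum_discussions', 'id',
    'forum = :forumid', ['forumid' => $forumid]);
$allowed = array_flip($discussionids);
foreach ($posts as $post) {
    if (!isset($allowed[$post->discussion])) {
        throw new coding_exception("Post {$post->id} is outside forum {$forumid}; export aborted.");
    }
}

$writer = new csv_export_writer('comma');
$writer->set_filename('forum-' . $forumid . '-posts');
$writer->add_data(['id', 'discussion', 'userid', 'subject', 'created']);
foreach ($posts as $post) {
    $writer->add_data([$post->id, $post->discussion, $post->userid, $post->subject,
        userdate($post->created)]);
}
$writer->download_file();
```

When reviewing an export path like this in a real Moodle tree, the two things to confirm are that the context passed to require_capability() is derived from the same forum id the query uses, and that every SQL statement feeding the CSV carries that forum id as a predicate rather than relying on whatever filter the user supplied.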


WAF Protection Rules

WAF Rule

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.

T** vuln*r**ility st*ms *rom missin* *ut*oriz*tion ****ks *urin* *orum *SV *xports. K*y in*i**tors: *. *W*-*** (Missin* *ut*oriz*tion) impli*s * **ilur* to v*li**t* *ours*-sp**i*i* p*rmissions *. T** *xport *un*tion*lity woul* lo*i**lly r*si** in ***