Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/52550?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52550?format=api", "purl": "pkg:composer/moodle/moodle@2.8.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.8.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.8.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43619?format=api", "vulnerability_id": "VCID-1z6j-fs6f-eua1", "summary": "Moodle allows attackers to obtain manager privileges\nThe enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744" }, { "reference_url": "https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db" }, { "reference_url": "https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2" }, { "reference_url": "https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344" }, { "reference_url": "https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320290" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5266", "reference_id": "CVE-2015-5266", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5266" }, { "reference_url": "https://github.com/advisories/GHSA-454r-4cjv-vc9h", "reference_id": "GHSA-454r-4cjv-vc9h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-454r-4cjv-vc9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5266", "GHSA-454r-4cjv-vc9h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1z6j-fs6f-eua1" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/43347?format=api", "vulnerability_id": "VCID-2y3m-yuaj-vkf2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e" }, { "reference_url": "https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7" }, { "reference_url": "https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f" }, { "reference_url": "https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307387" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2273", "reference_id": "CVE-2015-2273", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2273" }, { "reference_url": "https://github.com/advisories/GHSA-w77v-xpxr-c6pv", "reference_id": "GHSA-w77v-xpxr-c6pv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w77v-xpxr-c6pv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2273", "GHSA-w77v-xpxr-c6pv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2y3m-yuaj-vkf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43529?format=api", "vulnerability_id": "VCID-37j1-ym2f-1fbc", "summary": "Moodle open redirect vulnerability\nOpen redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688" }, { "reference_url": 
"http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2" }, { "reference_url": "https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5" }, { "reference_url": "https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f" }, { "reference_url": "https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316662" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3272", "reference_id": "CVE-2015-3272", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3272" }, { "reference_url": "https://github.com/advisories/GHSA-2hw2-h3mf-c2j9", "reference_id": "GHSA-2hw2-h3mf-c2j9", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-2hw2-h3mf-c2j9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3272", "GHSA-2hw2-h3mf-c2j9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j1-ym2f-1fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=api", "vulnerability_id": "VCID-37pj-u3gh-n7fd", "summary": "Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190", "reference_id": "CVE-2016-2190", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2190" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38035?format=api", "vulnerability_id": "VCID-3kq3-v2u1-fyhz", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `search_pagination` function in `course/classes/management_renderer.php` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=326206" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725", "reference_id": "CVE-2016-0725", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/52556?format=api", "purl": "pkg:composer/moodle/moodle@2.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52557?format=api", "purl": "pkg:composer/moodle/moodle@2.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api", "purl": "pkg:composer/moodle/moodle@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2" } ], "aliases": [ "CVE-2016-0725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kq3-v2u1-fyhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43373?format=api", "vulnerability_id": "VCID-46jw-xjbu-b3f1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted 
course summary.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5" }, { "reference_url": "https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6" }, { "reference_url": "https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232" }, { "reference_url": "https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0212", "reference_id": "CVE-2015-0212", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0212" }, { "reference_url": "https://github.com/advisories/GHSA-jj3j-mhgc-g4m4", "reference_id": "GHSA-jj3j-mhgc-g4m4", "reference_type": "", 
"scores": [], "url": "https://github.com/advisories/GHSA-jj3j-mhgc-g4m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0212", "GHSA-jj3j-mhgc-g4m4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46jw-xjbu-b3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43369?format=api", "vulnerability_id": "VCID-4cx7-eaax-8uhr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMoodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085" }, { "reference_url": "https://github.com/moodle/moodle/commit/c73f6d03e5037729097bb9f5f5a55be15f3cab18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c73f6d03e5037729097bb9f5f5a55be15f3cab18" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323232" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5337", "reference_id": "CVE-2015-5337", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5337" }, { "reference_url": 
"https://github.com/advisories/GHSA-2hw6-6rgf-726v", "reference_id": "GHSA-2hw6-6rgf-726v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2hw6-6rgf-726v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5337", "GHSA-2hw6-6rgf-726v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cx7-eaax-8uhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38559?format=api", "vulnerability_id": "VCID-4kq5-ctsv-eka8", "summary": "Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], 
"url": "http://www.securitytracker.com/id/1035902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3733", "reference_id": "CVE-2016-3733", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53191?format=api", "purl": "pkg:composer/moodle/moodle@2.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" }, { "vulnerability": "VCID-v54t-5thx-1beu" }, { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/53198?format=api", "purl": "pkg:composer/moodle/moodle@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3733" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43667?format=api", "vulnerability_id": "VCID-5hx1-9xbg-g3fn", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 
3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808" }, { "reference_url": "https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd" }, { "reference_url": "https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94" }, { "reference_url": "https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf" }, { "reference_url": "https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3" }, { "reference_url": "https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330178" }, { "reference_url": 
"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2156", "reference_id": "CVE-2016-2156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2156" }, { "reference_url": "https://github.com/advisories/GHSA-h8vc-v44p-5r2q", "reference_id": "GHSA-h8vc-v44p-5r2q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h8vc-v44p-5r2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { 
"vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2156", "GHSA-h8vc-v44p-5r2q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hx1-9xbg-g3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43378?format=api", "vulnerability_id": "VCID-5nfq-4syg-87da", "summary": "Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654" }, { "reference_url": "https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9" }, { "reference_url": "https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612" }, { "reference_url": "https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0218", "reference_id": "CVE-2015-0218", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0218" }, { "reference_url": "https://github.com/advisories/GHSA-5jph-mvfm-r27p", "reference_id": "GHSA-5jph-mvfm-r27p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jph-mvfm-r27p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0218", "GHSA-5jph-mvfm-r27p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfq-4syg-87da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43491?format=api", "vulnerability_id": "VCID-5vx4-qtb2-fqe9", "summary": "Moodle allows attackers to obtain sensitive course information\nlib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified 
vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d" }, { "reference_url": "https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62" }, { "reference_url": "https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494" }, { "reference_url": "https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2270", "reference_id": "CVE-2015-2270", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2270" }, { "reference_url": "https://github.com/advisories/GHSA-fp4h-j22r-vwcv", "reference_id": "GHSA-fp4h-j22r-vwcv", "reference_type": "", 
"scores": [], "url": "https://github.com/advisories/GHSA-fp4h-j22r-vwcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2270", "GHSA-fp4h-j22r-vwcv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vx4-qtb2-fqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43737?format=api", "vulnerability_id": "VCID-62yh-cpfr-9bb1", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16" }, { "reference_url": "https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e" }, { "reference_url": "https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0" }, { "reference_url": "https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313687" }, { "reference_url": "https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3180", "reference_id": "CVE-2015-3180", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3180" }, { "reference_url": "https://github.com/advisories/GHSA-688p-pgj4-77hh", "reference_id": "GHSA-688p-pgj4-77hh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-688p-pgj4-77hh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], 
"aliases": [ "CVE-2015-3180", "GHSA-688p-pgj4-77hh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62yh-cpfr-9bb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38453?format=api", "vulnerability_id": "VCID-65y9-9ur2-pugc", "summary": "Improper Input Validation\nThere is incorrect sanitization of attributes in forums.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=345912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=345912" }, { "reference_url": "http://www.securityfocus.com/bid/95649", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2576", "reference_id": "CVE-2017-2576", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2576" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53209?format=api", "purl": "pkg:composer/moodle/moodle@3.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-dhku-uah4-ykh8" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/53201?format=api", "purl": "pkg:composer/moodle/moodle@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-dhku-uah4-ykh8" }, { "vulnerability": "VCID-jn5n-6hg9-tyf7" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" }, { "vulnerability": "VCID-x927-nh46-7fdy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/53202?format=api", "purl": "pkg:composer/moodle/moodle@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qjr-wjh1-8fh6" }, { "vulnerability": "VCID-dhku-uah4-ykh8" }, { "vulnerability": "VCID-jn5n-6hg9-tyf7" }, { "vulnerability": "VCID-x927-nh46-7fdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1" } ], "aliases": [ "CVE-2017-2576" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43762?format=api", "vulnerability_id": "VCID-7rut-8dau-e3cp", "summary": "Moodle allows attackers to modify \"Exclude grade\" settings\nThe grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify \"Exclude grade\" settings by leveraging the Non-Editing Instructor role.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378" }, { "reference_url": "https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf" }, { "reference_url": "https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506" }, 
{ "reference_url": "https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3" }, { "reference_url": "https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae66ed23b6ae8000efd4e1f612697892c9795c65", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ae66ed23b6ae8000efd4e1f612697892c9795c65" }, { "reference_url": "https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3" }, { "reference_url": "https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330177" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2155", "reference_id": 
"CVE-2016-2155", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2155" }, { "reference_url": "https://github.com/advisories/GHSA-32hg-73hp-vwc8", "reference_id": "GHSA-32hg-73hp-vwc8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-32hg-73hp-vwc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2155", "GHSA-32hg-73hp-vwc8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rut-8dau-e3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43702?format=api", 
"vulnerability_id": "VCID-8cc1-hbzm-87bx", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/05/17/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3732", "reference_id": "CVE-2016-3732", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3732" }, { "reference_url": "https://github.com/advisories/GHSA-5282-96ff-xx3h", "reference_id": "GHSA-5282-96ff-xx3h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5282-96ff-xx3h" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3732", "GHSA-5282-96ff-xx3h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cc1-hbzm-87bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43385?format=api", "vulnerability_id": "VCID-95mq-m2jz-a3ab", "summary": "Moodle allows attackers to cause a denial of service\nfilter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause 
a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19" }, { "reference_url": "https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4" }, { "reference_url": "https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f" }, { "reference_url": "https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146" }, { "reference_url": "https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a" }, { "reference_url": "https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166" }, { "reference_url": "https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0217", "reference_id": "CVE-2015-0217", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0217" }, { "reference_url": "https://github.com/advisories/GHSA-p497-37fc-xvvc", "reference_id": "GHSA-p497-37fc-xvvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p497-37fc-xvvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0217", "GHSA-p497-37fc-xvvc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95mq-m2jz-a3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43388?format=api", "vulnerability_id": "VCID-9z66-z9af-17f7", "summary": "Moodle allows attackers to bypass a messaging-disabled setting\nmessage/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.", "references": [ { "reference_url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0214", "reference_id": "CVE-2015-0214", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0214" }, { "reference_url": "https://github.com/advisories/GHSA-4jm2-c9jr-6prf", "reference_id": 
"GHSA-4jm2-c9jr-6prf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4jm2-c9jr-6prf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0214", "GHSA-4jm2-c9jr-6prf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9z66-z9af-17f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43578?format=api", "vulnerability_id": "VCID-a34q-gbqw-1bbr", "summary": "Moodle allows attackers to bypass intended access restrictions\nThe choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569" }, { "reference_url": "https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b" }, { "reference_url": "https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f" }, { "reference_url": "https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214" }, { "reference_url": "https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e" }, { "reference_url": "https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a" }, { "reference_url": "https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece" }, { "reference_url": "https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d" }, { "reference_url": "https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323237" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5342", "reference_id": "CVE-2015-5342", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5342" }, { "reference_url": "https://github.com/advisories/GHSA-6xpm-q8x9-j3rw", "reference_id": "GHSA-6xpm-q8x9-j3rw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6xpm-q8x9-j3rw" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5342", "GHSA-6xpm-q8x9-j3rw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a34q-gbqw-1bbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43579?format=api", "vulnerability_id": "VCID-a3pu-x51u-1udr", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0215", "reference_id": "CVE-2015-0215", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0215" }, { "reference_url": "https://github.com/advisories/GHSA-fr9m-pjmm-qx9f", "reference_id": "GHSA-fr9m-pjmm-qx9f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fr9m-pjmm-qx9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0215", "GHSA-fr9m-pjmm-qx9f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3pu-x51u-1udr" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=api", "vulnerability_id": "VCID-an53-nu91-k3d7", "summary": "Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330174" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152", "reference_id": "CVE-2016-2152", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": 
"VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43551?format=api", "vulnerability_id": "VCID-aqc8-tmeg-9fdd", "summary": "Cross-Site Request Forgery (CSRF)\nMultiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea" }, 
{ "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278613" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0213", "reference_id": "CVE-2015-0213", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0213" }, { "reference_url": "https://github.com/advisories/GHSA-hhq7-jf2p-hw9c", "reference_id": "GHSA-hhq7-jf2p-hw9c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhq7-jf2p-hw9c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0213", "GHSA-hhq7-jf2p-hw9c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqc8-tmeg-9fdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43633?format=api", "vulnerability_id": "VCID-b9ej-hx7z-1bb8", "summary": "Moodle sensitive information disclosure\nMoodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) `badges/overview.php` or (2) `badges/view.php`.", "references": [ { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3" }, { "reference_url": "https://github.com/moodle/moodle/commit/65734f149f3c7e6cce9402f51f9a97deb31170db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/65734f149f3c7e6cce9402f51f9a97deb31170db" }, { "reference_url": "https://github.com/moodle/moodle/commit/7cff64fdbfff749e779cb625fbddcce737355100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7cff64fdbfff749e779cb625fbddcce737355100" }, { "reference_url": "https://github.com/moodle/moodle/commit/d41fa94a69bebeca69a4cd5332bb9569cfd87b99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d41fa94a69bebeca69a4cd5332bb9569cfd87b99" }, { "reference_url": "https://github.com/moodle/moodle/commit/d70f610615242c5c7b3ae0bf7ef6868520dcd850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d70f610615242c5c7b3ae0bf7ef6868520dcd850" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323235" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5340", "reference_id": "CVE-2015-5340", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5340" }, { "reference_url": "https://github.com/advisories/GHSA-mmvj-j7hq-rx85", "reference_id": "GHSA-mmvj-j7hq-rx85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mmvj-j7hq-rx85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5340", "GHSA-mmvj-j7hq-rx85" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ej-hx7z-1bb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43434?format=api", "vulnerability_id": "VCID-d3yp-gq4c-vyf8", "summary": "Moodle does not consider the moodle/tag:flag capability\ntag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the \"Flag as inappropriate\" feature.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27" }, { "reference_url": "https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b" }, { "reference_url": "https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7" }, { "reference_url": "https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307385" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2271", "reference_id": "CVE-2015-2271", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2271" }, { "reference_url": "https://github.com/advisories/GHSA-v3wp-35g3-m9mm", "reference_id": "GHSA-v3wp-35g3-m9mm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v3wp-35g3-m9mm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2271", "GHSA-v3wp-35g3-m9mm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yp-gq4c-vyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43576?format=api", "vulnerability_id": "VCID-dnya-ef8u-6bg1", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nadmin/tool/monitor/lib.php in Event 
Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167" }, { "reference_url": "https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015" }, { "reference_url": "https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312" }, { "reference_url": "https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1" }, { "reference_url": "https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0" }, { "reference_url": "https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb" }, { "reference_url": "https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330176" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2154", "reference_id": "CVE-2016-2154", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2154" }, { "reference_url": "https://github.com/advisories/GHSA-fmq9-58q4-xjw5", "reference_id": "GHSA-fmq9-58q4-xjw5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fmq9-58q4-xjw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2154", "GHSA-fmq9-58q4-xjw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnya-ef8u-6bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=api", "vulnerability_id": "VCID-eaqp-7abt-6kg9", "summary": "Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159", "reference_id": "CVE-2016-2159", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2159" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43703?format=api", "vulnerability_id": "VCID-emu7-jhv2-zqb8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", 
"reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36" }, { "reference_url": "https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b" }, { "reference_url": "https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316664" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3274", "reference_id": "CVE-2015-3274", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3274" }, { "reference_url": "https://github.com/advisories/GHSA-f7qm-q26p-6rr2", "reference_id": "GHSA-f7qm-q26p-6rr2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f7qm-q26p-6rr2" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3274", "GHSA-f7qm-q26p-6rr2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emu7-jhv2-zqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43707?format=api", "vulnerability_id": "VCID-evke-m8nn-6ua3", "summary": "Moodle allows attackers to enter additional answer attempts\nThe lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516" }, { "reference_url": "https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84" }, { "reference_url": "https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869" }, { "reference_url": 
"https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091" }, { "reference_url": "https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc" }, { "reference_url": "https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4" }, { "reference_url": "https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d" }, { "reference_url": "https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840" }, { "reference_url": "https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac" }, { "reference_url": "https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca" }, { "reference_url": "https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356" }, { 
"reference_url": "https://moodle.org/mod/forum/discuss.php?d=320287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320287" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5264", "reference_id": "CVE-2015-5264", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5264" }, { "reference_url": "https://github.com/advisories/GHSA-mm9q-3847-m48x", "reference_id": "GHSA-mm9q-3847-m48x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm9q-3847-m48x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5264", "GHSA-mm9q-3847-m48x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evke-m8nn-6ua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43637?format=api", "vulnerability_id": "VCID-fpuj-f6nx-n7a9", "summary": "Improper 
Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709" }, { "reference_url": "https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980" }, { "reference_url": "https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320293" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5269", "reference_id": "CVE-2015-5269", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5269" }, { "reference_url": "https://github.com/advisories/GHSA-5729-822w-j342", "reference_id": "GHSA-5729-822w-j342", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5729-822w-j342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5269", "GHSA-5729-822w-j342" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpuj-f6nx-n7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38450?format=api", "vulnerability_id": "VCID-fsex-f512-pudv", "summary": "Injection Vulnerability\nIn Moodle, text injection can occur in email headers, potentially leading to outbound spam.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=336698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=336698" }, { "reference_url": 
"http://www.securityfocus.com/bid/92040", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92040" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5013", "reference_id": "CVE-2016-5013", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53192?format=api", "purl": "pkg:composer/moodle/moodle@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/53193?format=api", "purl": "pkg:composer/moodle/moodle@3.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/53189?format=api", "purl": "pkg:composer/moodle/moodle@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1" } ], "aliases": [ "CVE-2016-5013" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43752?format=api", "vulnerability_id": "VCID-g4hn-yz26-1beb", "summary": "Moodle allows attackers to bypass intended login restrictions\nlogin/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.", "references": [ { "reference_url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937" }, { "reference_url": "https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc" }, { "reference_url": "https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0" }, { "reference_url": "https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313686" }, { "reference_url": "https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725" }, { "reference_url": "https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3179", "reference_id": "CVE-2015-3179", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3179" }, { "reference_url": "https://github.com/advisories/GHSA-4ppg-2mx6-fqx9", "reference_id": "GHSA-4ppg-2mx6-fqx9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4ppg-2mx6-fqx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3179", "GHSA-4ppg-2mx6-fqx9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4hn-yz26-1beb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43627?format=api", "vulnerability_id": "VCID-gvan-87dt-b7fp", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nmod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d" }, { "reference_url": "https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99" }, { "reference_url": "https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762" }, { "reference_url": "https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313681" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3174", "reference_id": "CVE-2015-3174", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-3174" }, { "reference_url": "https://github.com/advisories/GHSA-6r7x-6q98-qcqp", "reference_id": "GHSA-6r7x-6q98-qcqp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r7x-6q98-qcqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3174", "GHSA-6r7x-6q98-qcqp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvan-87dt-b7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43411?format=api", "vulnerability_id": "VCID-hbky-xx53-vkct", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21" }, 
{ "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307383" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2269", "reference_id": "CVE-2015-2269", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2269" }, { "reference_url": "https://github.com/advisories/GHSA-cp39-43xr-2wrp", "reference_id": "GHSA-cp39-43xr-2wrp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cp39-43xr-2wrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2269", "GHSA-cp39-43xr-2wrp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbky-xx53-vkct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43733?format=api", "vulnerability_id": "VCID-j11s-2mhg-pfdn", "summary": "Improper Access Control\nmdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": 
"https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878" }, { "reference_url": "https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab" }, { "reference_url": "https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1" }, { "reference_url": "https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a" }, { "reference_url": "https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2" }, { "reference_url": "https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63" }, { "reference_url": "https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6" }, { "reference_url": "https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b" }, { 
"reference_url": "https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f" }, { "reference_url": "https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307381" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2267", "reference_id": "CVE-2015-2267", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2267" }, { "reference_url": "https://github.com/advisories/GHSA-cm4r-58pj-h2ph", "reference_id": "GHSA-cm4r-58pj-h2ph", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cm4r-58pj-h2ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2267", "GHSA-cm4r-58pj-h2ph" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j11s-2mhg-pfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43441?format=api", "vulnerability_id": "VCID-jc19-ee46-4uh3", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and 
complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860" }, { "reference_url": "https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896" }, { "reference_url": "https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257" }, { "reference_url": "https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119" }, { "reference_url": "https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320291" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5267", "reference_id": "CVE-2015-5267", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5267" }, { "reference_url": "https://github.com/advisories/GHSA-382v-gxj9-ffhc", "reference_id": "GHSA-382v-gxj9-ffhc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-382v-gxj9-ffhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5267", "GHSA-382v-gxj9-ffhc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc19-ee46-4uh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43662?format=api", "vulnerability_id": "VCID-jcnw-cwmz-w7cz", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861" }, { "reference_url": "https://github.com/moodle/moodle/commit/12bc713081dc24b6eedea54281876e7c3f5579a6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/12bc713081dc24b6eedea54281876e7c3f5579a6" }, { "reference_url": "https://github.com/moodle/moodle/commit/512633461ae239677342b40d318803e15e1fd1aa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/512633461ae239677342b40d318803e15e1fd1aa" }, { "reference_url": "https://github.com/moodle/moodle/commit/b26b2407908abb1a8a4d37aebc18e03139c9776f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b26b2407908abb1a8a4d37aebc18e03139c9776f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323234" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5339", "reference_id": "CVE-2015-5339", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5339" }, { "reference_url": "https://github.com/advisories/GHSA-gmhr-6f43-7qpj", "reference_id": "GHSA-gmhr-6f43-7qpj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gmhr-6f43-7qpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5339", "GHSA-gmhr-6f43-7qpj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnw-cwmz-w7cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=api", "vulnerability_id": "VCID-k6pw-51st-b3d2", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153", "reference_id": "CVE-2016-2153", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=api", "vulnerability_id": "VCID-kgvw-uxf4-wbc1", "summary": "Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securityfocus.com/bid/91281", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91281" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3734", "reference_id": "CVE-2016-3734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53191?format=api", "purl": "pkg:composer/moodle/moodle@2.8.12", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" }, { "vulnerability": "VCID-v54t-5thx-1beu" }, { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/53198?format=api", "purl": "pkg:composer/moodle/moodle@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3734" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43390?format=api", "vulnerability_id": "VCID-m6zk-p84r-vbh5", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nmod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837" }, { 
"reference_url": "https://github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2" }, { "reference_url": "https://github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3" }, { "reference_url": "https://github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740" }, { "reference_url": "https://github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d" }, { "reference_url": "https://github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7" }, { "reference_url": "https://github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05" }, { "reference_url": "https://github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323236" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-5341", "reference_id": "CVE-2015-5341", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5341" }, { "reference_url": "https://github.com/advisories/GHSA-c2r4-f8qv-2v7v", "reference_id": "GHSA-c2r4-f8qv-2v7v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c2r4-f8qv-2v7v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5341", "GHSA-c2r4-f8qv-2v7v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6zk-p84r-vbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43527?format=api", "vulnerability_id": "VCID-n9uc-b76m-8fbs", "summary": "Moodle allows attackers to bypass file-management restrictions\nfiles/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.", "references": [ { "reference_url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171" }, { "reference_url": "https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0" }, { "reference_url": "https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f" }, { "reference_url": "https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313688" }, { "reference_url": "https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3181", "reference_id": "CVE-2015-3181", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3181" }, { "reference_url": "https://github.com/advisories/GHSA-622h-cjgg-5mx6", "reference_id": "GHSA-622h-cjgg-5mx6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-622h-cjgg-5mx6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3181", "GHSA-622h-cjgg-5mx6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9uc-b76m-8fbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43721?format=api", "vulnerability_id": "VCID-nfdb-m7rg-47ca", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nmessage/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/2924ba1c73f9ed3d525987807f9d289b3eb38154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/2924ba1c73f9ed3d525987807f9d289b3eb38154" }, { "reference_url": "https://github.com/moodle/moodle/commit/553319be03c4ef8e62499841c8d5d94c6786ed6d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/553319be03c4ef8e62499841c8d5d94c6786ed6d" }, { "reference_url": "https://github.com/moodle/moodle/commit/c35df119a560e22d9e17f833b736b710b96431d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c35df119a560e22d9e17f833b736b710b96431d9" }, { "reference_url": "https://github.com/moodle/moodle/commit/eb45017b61e35bcab8c35e2c544b1e4144ca1f16", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/eb45017b61e35bcab8c35e2c544b1e4144ca1f16" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307380" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2266", "reference_id": "CVE-2015-2266", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2266" }, { "reference_url": "https://github.com/advisories/GHSA-35pr-gqm6-r366", "reference_id": "GHSA-35pr-gqm6-r366", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-35pr-gqm6-r366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2266", 
"GHSA-35pr-gqm6-r366" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfdb-m7rg-47ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43673?format=api", "vulnerability_id": "VCID-qtt4-455b-abb6", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.", "references": [ { "reference_url": "https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=336699", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=336699" }, { "reference_url": "https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5014", "reference_id": "CVE-2016-5014", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5014" }, { "reference_url": "https://github.com/advisories/GHSA-c4cq-v4wp-28hg", "reference_id": "GHSA-c4cq-v4wp-28hg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c4cq-v4wp-28hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53192?format=api", "purl": "pkg:composer/moodle/moodle@2.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/53193?format=api", "purl": "pkg:composer/moodle/moodle@3.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/53189?format=api", "purl": "pkg:composer/moodle/moodle@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1" } ], "aliases": [ "CVE-2016-5014", "GHSA-c4cq-v4wp-28hg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43418?format=api", "vulnerability_id": "VCID-r3f7-9paf-83ht", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. 
(dot dot) in the file parameter, as demonstrated by reading PHP scripts.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/02/04/15", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/02/04/15" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/02/09/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/02/09/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/0289be1321babfa588fb5b18ebb08a296eed9eee", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0289be1321babfa588fb5b18ebb08a296eed9eee" }, { "reference_url": "https://github.com/moodle/moodle/commit/a72f2cca7f08c354c18a3923c3f05eee50bdd434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a72f2cca7f08c354c18a3923c3f05eee50bdd434" }, { "reference_url": "https://github.com/moodle/moodle/commit/af9a7937cc085f96bdbc4724cadec6eeae0242fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/af9a7937cc085f96bdbc4724cadec6eeae0242fc" }, { "reference_url": "https://github.com/moodle/moodle/commit/cc496f5b27d36a8df4bcede997a484eb9719363b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cc496f5b27d36a8df4bcede997a484eb9719363b" 
}, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=279956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=279956" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1493", "reference_id": "CVE-2015-1493", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1493" }, { "reference_url": "https://github.com/advisories/GHSA-gphj-63h8-r9vq", "reference_id": "GHSA-gphj-63h8-r9vq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gphj-63h8-r9vq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62260?format=api", "purl": "pkg:composer/moodle/moodle@2.8.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.3" } ], "aliases": [ "CVE-2015-1493", "GHSA-gphj-63h8-r9vq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3f7-9paf-83ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43398?format=api", "vulnerability_id": "VCID-rscq-xx52-2ua8", "summary": "Moodle allows attackers to cause a denial of service\nfilter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/03/16/1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://openwall.com/lists/oss-security/2015/03/16/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/07323f50ffc71f8ba1b2914ec8947451e32a61c1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/07323f50ffc71f8ba1b2914ec8947451e32a61c1" }, { "reference_url": "https://github.com/moodle/moodle/commit/12ba38e725440eda73301d1dd354583c26d2c65d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/12ba38e725440eda73301d1dd354583c26d2c65d" }, { "reference_url": "https://github.com/moodle/moodle/commit/1b249517781dbb49aa19040d7bb6d446d325bf8e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1b249517781dbb49aa19040d7bb6d446d325bf8e" }, { "reference_url": "https://github.com/moodle/moodle/commit/5219605a81b494c5bb6210ade3ea02d16b1c0d06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5219605a81b494c5bb6210ade3ea02d16b1c0d06" }, { "reference_url": "https://github.com/moodle/moodle/commit/71ab589855e6ce9fa9a30051f8efd6153284344e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/71ab589855e6ce9fa9a30051f8efd6153284344e" }, { "reference_url": "https://github.com/moodle/moodle/commit/82406581afc4fa6e18051900434004d8563cf5c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/82406581afc4fa6e18051900434004d8563cf5c0" }, { "reference_url": "https://github.com/moodle/moodle/commit/fdab8c0a518357253ad26bd2f113d7393adf418a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fdab8c0a518357253ad26bd2f113d7393adf418a" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307382", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://moodle.org/mod/forum/discuss.php?d=307382" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2268", "reference_id": "CVE-2015-2268", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2268" }, { "reference_url": "https://github.com/advisories/GHSA-36cm-vrqh-8p98", "reference_id": "GHSA-36cm-vrqh-8p98", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36cm-vrqh-8p98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2268", "GHSA-36cm-vrqh-8p98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rscq-xx52-2ua8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43716?format=api", "vulnerability_id": "VCID-ryws-mr9v-7yfp", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774" }, { "reference_url": "https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a" }, { "reference_url": "https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184" }, { "reference_url": "https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e" }, { "reference_url": "https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330180" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2158", "reference_id": "CVE-2016-2158", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2158" }, { "reference_url": 
"https://github.com/advisories/GHSA-m882-j7gq-v9p7", "reference_id": "GHSA-m882-j7gq-v9p7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m882-j7gq-v9p7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2158", "GHSA-m882-j7gq-v9p7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryws-mr9v-7yfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43437?format=api", "vulnerability_id": "VCID-s3bw-w61k-eqhy", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe 
account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645" }, { "reference_url": "https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406" }, { "reference_url": "https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3" }, { "reference_url": "https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313683" }, { "reference_url": "https://web.archive.org/web/20200228054912/http://www.securityfocus.com/bid/74644", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054912/http://www.securityfocus.com/bid/74644" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3176", "reference_id": "CVE-2015-3176", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3176" }, { "reference_url": "https://github.com/advisories/GHSA-fqrg-vmvj-jv3x", "reference_id": "GHSA-fqrg-vmvj-jv3x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fqrg-vmvj-jv3x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3176", "GHSA-fqrg-vmvj-jv3x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3bw-w61k-eqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=api", "vulnerability_id": "VCID-s3ue-e5h8-f3dy", "summary": "Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035902" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3729", "reference_id": "CVE-2016-3729", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53191?format=api", "purl": "pkg:composer/moodle/moodle@2.8.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" }, { "vulnerability": "VCID-v54t-5thx-1beu" }, { "vulnerability": "VCID-vb67-yux5-ayhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/53198?format=api", "purl": "pkg:composer/moodle/moodle@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3729" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43712?format=api", "vulnerability_id": "VCID-sa6m-ecv7-x3ew", "summary": "Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 
allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031" }, { "reference_url": "https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3" }, { "reference_url": "https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287" }, { "reference_url": "https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4" }, { "reference_url": "https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb" }, { "reference_url": "https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330179" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2157", "reference_id": "CVE-2016-2157", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2157" }, { "reference_url": "https://github.com/advisories/GHSA-f5pm-c4cw-563p", "reference_id": "GHSA-f5pm-c4cw-563p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f5pm-c4cw-563p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2157", "GHSA-f5pm-c4cw-563p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sa6m-ecv7-x3ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43402?format=api", "vulnerability_id": "VCID-t214-wxz7-a3df", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940" }, { "reference_url": "https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223" }, { "reference_url": "https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88" }, { "reference_url": "https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6" }, { "reference_url": "https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951" }, { "reference_url": "https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0" }, { "reference_url": "https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9" }, { "reference_url": "https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323231" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5336", "reference_id": "CVE-2015-5336", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5336" }, { "reference_url": "https://github.com/advisories/GHSA-grvw-qq2j-r898", "reference_id": "GHSA-grvw-qq2j-r898", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grvw-qq2j-r898" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5336", "GHSA-grvw-qq2j-r898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t214-wxz7-a3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43753?format=api", "vulnerability_id": "VCID-tmwc-f872-mufw", "summary": "Moodle allows attackers to bypass a forced-password-change requirement\nlogin/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691" }, { "reference_url": "https://github.com/moodle/moodle/commit/0899c0adc036e34e0c37ea1a8d3551610cdb4233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0899c0adc036e34e0c37ea1a8d3551610cdb4233" }, { "reference_url": "https://github.com/moodle/moodle/commit/6e284d55b234287169f21e6ef8a9a237d6eedfe4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6e284d55b234287169f21e6ef8a9a237d6eedfe4" }, { "reference_url": "https://github.com/moodle/moodle/commit/b0abcbda170b57649e0ed39ac5aca91dbc30337f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b0abcbda170b57649e0ed39ac5aca91dbc30337f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=307386", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=307386" }, { "reference_url": "https://web.archive.org/web/20200227182455/http://www.securityfocus.com/bid/73166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200227182455/http://www.securityfocus.com/bid/73166" }, { "reference_url": "http://www.securityfocus.com/bid/73166", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/73166" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2272", "reference_id": "CVE-2015-2272", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2272" }, { "reference_url": "https://github.com/advisories/GHSA-5659-g9p4-354f", "reference_id": "GHSA-5659-g9p4-354f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5659-g9p4-354f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62127?format=api", "purl": "pkg:composer/moodle/moodle@2.8.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4" } ], "aliases": [ "CVE-2015-2272", "GHSA-5659-g9p4-354f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmwc-f872-mufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43738?format=api", "vulnerability_id": "VCID-trvp-xzf5-pff8", "summary": "Cross-Site Request Forgery (CSRF)\nMultiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.", "references": [ { "reference_url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109" }, { "reference_url": "https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958" }, { "reference_url": "https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485" }, { "reference_url": "https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6" }, { "reference_url": "https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323233" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5338", "reference_id": "CVE-2015-5338", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5338" }, { "reference_url": "https://github.com/advisories/GHSA-v33x-q8gh-4x42", "reference_id": "GHSA-v33x-q8gh-4x42", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v33x-q8gh-4x42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5338", "GHSA-v33x-q8gh-4x42" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trvp-xzf5-pff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43349?format=api", "vulnerability_id": "VCID-ujja-hfkh-wkez", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nuser/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433" }, { "reference_url": "https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa" }, { "reference_url": "https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27" }, { "reference_url": "https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2" }, { "reference_url": "https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841" }, { "reference_url": "https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330173" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2151", "reference_id": "CVE-2016-2151", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2151" }, { "reference_url": "https://github.com/advisories/GHSA-r3fc-hx6q-g6cq", "reference_id": "GHSA-r3fc-hx6q-g6cq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r3fc-hx6q-g6cq" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2151", "GHSA-r3fc-hx6q-g6cq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujja-hfkh-wkez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43546?format=api", "vulnerability_id": "VCID-uptz-tj66-7yfk", "summary": "Moodle Arbitrary Redirect\nMultiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL 
from an HTTP Referer header.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a" }, { "reference_url": "https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313682" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3175", "reference_id": "CVE-2015-3175", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3175" }, { "reference_url": "https://github.com/advisories/GHSA-h798-h7ff-93xv", "reference_id": "GHSA-h798-h7ff-93xv", 
"reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h798-h7ff-93xv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3175", "GHSA-h798-h7ff-93xv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uptz-tj66-7yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43519?format=api", "vulnerability_id": "VCID-v54t-5thx-1beu", "summary": "Improper Access Control\nIn Moodle 2.x and 3.x, the question engine allows access to files that should not be available.", "references": [ { "reference_url": "https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=343275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=343275" }, { "reference_url": "https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8642", "reference_id": "CVE-2016-8642", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8642" }, { "reference_url": "https://github.com/advisories/GHSA-x32v-7qw8-cpq8", "reference_id": "GHSA-x32v-7qw8-cpq8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x32v-7qw8-cpq8" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53206?format=api", "purl": "pkg:composer/moodle/moodle@2.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/53207?format=api", "purl": "pkg:composer/moodle/moodle@3.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/52966?format=api", "purl": "pkg:composer/moodle/moodle@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-e2zc-7ujn-wybu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3" } ], "aliases": [ "CVE-2016-8642", "GHSA-x32v-7qw8-cpq8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43743?format=api", "vulnerability_id": "VCID-v6ha-ekxw-7bfr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e" }, { "reference_url": "https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8" }, { "reference_url": "https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e" }, { "reference_url": "https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316665" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3275", "reference_id": "CVE-2015-3275", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3275" }, { "reference_url": 
"https://github.com/advisories/GHSA-6922-5v25-p8jg", "reference_id": "GHSA-6922-5v25-p8jg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6922-5v25-p8jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3275", "GHSA-6922-5v25-p8jg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ha-ekxw-7bfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38449?format=api", "vulnerability_id": "VCID-vb67-yux5-ayhf", "summary": "Weak Password Recovery Mechanism for Forgotten Password\nIn Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=339631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=339631" }, { "reference_url": "http://www.securityfocus.com/bid/93174", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/93174" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7038", "reference_id": "CVE-2016-7038", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7038" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53195?format=api", "purl": "pkg:composer/moodle/moodle@2.9.8", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v54t-5thx-1beu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/53196?format=api", "purl": "pkg:composer/moodle/moodle@3.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v54t-5thx-1beu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/52965?format=api", "purl": "pkg:composer/moodle/moodle@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-k1bh-ymgt-e7cd" }, { "vulnerability": "VCID-v54t-5thx-1beu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2" } ], "aliases": [ "CVE-2016-7038" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43532?format=api", "vulnerability_id": "VCID-wavt-rrws-3yhs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", 
"reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749" }, { "reference_url": "https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78" }, { "reference_url": "https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5" }, { "reference_url": "https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f" }, { "reference_url": "https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b" }, { "reference_url": "https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313685" }, { "reference_url": "https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726" }, { "reference_url": "https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3178", "reference_id": "CVE-2015-3178", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3178" }, { "reference_url": "https://github.com/advisories/GHSA-9fmw-m4qx-6cq8", "reference_id": "GHSA-9fmw-m4qx-6cq8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9fmw-m4qx-6cq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3178", "GHSA-9fmw-m4qx-6cq8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wavt-rrws-3yhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43478?format=api", "vulnerability_id": "VCID-wg45-hemm-97am", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173" }, { "reference_url": 
"https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a" }, { "reference_url": "https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665" }, { "reference_url": "https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320292" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1033619" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5268", "reference_id": "CVE-2015-5268", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5268" }, { "reference_url": "https://github.com/advisories/GHSA-h34c-px28-rjgw", "reference_id": "GHSA-h34c-px28-rjgw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h34c-px28-rjgw" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5268", "GHSA-h34c-px28-rjgw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg45-hemm-97am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43634?format=api", "vulnerability_id": "VCID-x2qp-yggf-z7h7", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nCross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091" }, { "reference_url": "https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea" }, { "reference_url": "https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94" }, { "reference_url": "https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443" }, { "reference_url": "https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323230" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5335", "reference_id": "CVE-2015-5335", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5335" }, { "reference_url": "https://github.com/advisories/GHSA-hpmv-wvq3-gj27", "reference_id": "GHSA-hpmv-wvq3-gj27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hpmv-wvq3-gj27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "aliases": [ "CVE-2015-5335", "GHSA-hpmv-wvq3-gj27" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2qp-yggf-z7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38036?format=api", "vulnerability_id": "VCID-xmm4-zw49-3feh", "summary": "Information Exposure\nThe (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service request.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326205", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=326205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724", "reference_id": "CVE-2016-0724", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52556?format=api", "purl": "pkg:composer/moodle/moodle@2.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/52557?format=api", "purl": "pkg:composer/moodle/moodle@2.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api", 
"purl": "pkg:composer/moodle/moodle@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2" } ], "aliases": [ "CVE-2016-0724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43769?format=api", "vulnerability_id": "VCID-xy2y-yxfu-xfgm", "summary": "Moodle allows attackers to delete files\nThe wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371" }, { "reference_url": "https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585" }, { "reference_url": "https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea" }, { "reference_url": "https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1" }, { "reference_url": "https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320289" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5265", "reference_id": "CVE-2015-5265", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5265" }, { "reference_url": "https://github.com/advisories/GHSA-44xp-wj24-9xxj", "reference_id": "GHSA-44xp-wj24-9xxj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-44xp-wj24-9xxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5265", 
"GHSA-44xp-wj24-9xxj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xy2y-yxfu-xfgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43537?format=api", "vulnerability_id": "VCID-y2vh-7r7h-9ugu", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nmod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7" }, { "reference_url": "https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4" }, { "reference_url": "https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d" }, { "reference_url": 
"https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278611" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0211", "reference_id": "CVE-2015-0211", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0211" }, { "reference_url": "https://github.com/advisories/GHSA-frhc-9hwc-x7j3", "reference_id": "GHSA-frhc-9hwc-x7j3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-frhc-9hwc-x7j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0211", "GHSA-frhc-9hwc-x7j3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2vh-7r7h-9ugu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43439?format=api", "vulnerability_id": "VCID-ym1r-ackg-4kc3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\naccess.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d" }, { "reference_url": "https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278616" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0216", "reference_id": "CVE-2015-0216", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0216" }, { "reference_url": "https://github.com/advisories/GHSA-2jcw-r79x-4r5v", "reference_id": "GHSA-2jcw-r79x-4r5v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2jcw-r79x-4r5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0216", "GHSA-2jcw-r79x-4r5v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ym1r-ackg-4kc3" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0" }