Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52705?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.9", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38559?format=api", "vulnerability_id": "VCID-4kq5-ctsv-eka8", "summary": "Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3733", "reference_id": "CVE-2016-3733", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3733" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3733" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43702?format=api", "vulnerability_id": "VCID-8cc1-hbzm-87bx", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/05/17/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3732", "reference_id": "CVE-2016-3732", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3732" }, { "reference_url": "https://github.com/advisories/GHSA-5282-96ff-xx3h", "reference_id": "GHSA-5282-96ff-xx3h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5282-96ff-xx3h" } ], "fixed_packages": [], "aliases": [ "CVE-2016-3732", "GHSA-5282-96ff-xx3h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cc1-hbzm-87bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=api", "vulnerability_id": "VCID-kgvw-uxf4-wbc1", "summary": "Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securityfocus.com/bid/91281", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91281" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3734", "reference_id": "CVE-2016-3734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3734" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=api", "vulnerability_id": "VCID-s3ue-e5h8-f3dy", "summary": "Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335933" }, { "reference_url": "http://www.securitytracker.com/id/1035902", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035902" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3729", "reference_id": "CVE-2016-3729", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53199?format=api", "purl": "pkg:composer/moodle/moodle@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-qtt4-455b-abb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4" } ], "aliases": [ "CVE-2016-3729" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=api", "vulnerability_id": "VCID-37pj-u3gh-n7fd", "summary": "Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190", "reference_id": "CVE-2016-2190", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2190" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43667?format=api", "vulnerability_id": "VCID-5hx1-9xbg-g3fn", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808" }, { "reference_url": "https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd" }, { "reference_url": "https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94" }, { "reference_url": "https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf" }, { "reference_url": "https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3" }, { "reference_url": "https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330178" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2156", "reference_id": "CVE-2016-2156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2156" }, { "reference_url": "https://github.com/advisories/GHSA-h8vc-v44p-5r2q", "reference_id": "GHSA-h8vc-v44p-5r2q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h8vc-v44p-5r2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2156", "GHSA-h8vc-v44p-5r2q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hx1-9xbg-g3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43762?format=api", "vulnerability_id": "VCID-7rut-8dau-e3cp", "summary": "Moodle allows attackers to modify \"Exclude grade\" settings\nThe grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify \"Exclude grade\" settings by leveraging the Non-Editing Instructor role.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378" }, { "reference_url": "https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf" }, { "reference_url": "https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506" }, { "reference_url": "https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3" }, { "reference_url": "https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae66ed23b6ae8000efd4e1f612697892c9795c65", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ae66ed23b6ae8000efd4e1f612697892c9795c65" }, { "reference_url": "https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3" }, { "reference_url": "https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330177" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2155", "reference_id": "CVE-2016-2155", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2155" }, { "reference_url": "https://github.com/advisories/GHSA-32hg-73hp-vwc8", "reference_id": "GHSA-32hg-73hp-vwc8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-32hg-73hp-vwc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2155", "GHSA-32hg-73hp-vwc8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rut-8dau-e3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=api", "vulnerability_id": "VCID-an53-nu91-k3d7", "summary": "Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330174" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152", "reference_id": "CVE-2016-2152", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43576?format=api", "vulnerability_id": "VCID-dnya-ef8u-6bg1", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nadmin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167" }, { "reference_url": "https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015" }, { "reference_url": "https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312" }, { "reference_url": "https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1" }, { "reference_url": "https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0" }, { "reference_url": "https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb" }, { "reference_url": "https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330176" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2154", "reference_id": "CVE-2016-2154", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2154" }, { "reference_url": "https://github.com/advisories/GHSA-fmq9-58q4-xjw5", "reference_id": "GHSA-fmq9-58q4-xjw5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fmq9-58q4-xjw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2154", "GHSA-fmq9-58q4-xjw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnya-ef8u-6bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=api", "vulnerability_id": "VCID-eaqp-7abt-6kg9", "summary": "Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159", "reference_id": "CVE-2016-2159", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2159" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=api", "vulnerability_id": "VCID-k6pw-51st-b3d2", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153", "reference_id": "CVE-2016-2153", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2153" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43716?format=api", "vulnerability_id": "VCID-ryws-mr9v-7yfp", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774" }, { "reference_url": "https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a" }, { "reference_url": "https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184" }, { "reference_url": "https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e" }, { "reference_url": "https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330180" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2158", "reference_id": "CVE-2016-2158", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2158" }, { "reference_url": "https://github.com/advisories/GHSA-m882-j7gq-v9p7", "reference_id": "GHSA-m882-j7gq-v9p7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m882-j7gq-v9p7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2158", "GHSA-m882-j7gq-v9p7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryws-mr9v-7yfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43712?format=api", "vulnerability_id": "VCID-sa6m-ecv7-x3ew", "summary": "Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031" }, { "reference_url": "https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3" }, { "reference_url": "https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287" }, { "reference_url": "https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4" }, { "reference_url": "https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb" }, { "reference_url": "https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330179" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2157", "reference_id": "CVE-2016-2157", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2157" }, { "reference_url": "https://github.com/advisories/GHSA-f5pm-c4cw-563p", "reference_id": "GHSA-f5pm-c4cw-563p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f5pm-c4cw-563p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2157", "GHSA-f5pm-c4cw-563p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sa6m-ecv7-x3ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43349?format=api", "vulnerability_id": "VCID-ujja-hfkh-wkez", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nuser/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433" }, { "reference_url": "https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa" }, { "reference_url": "https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27" }, { "reference_url": "https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2" }, { "reference_url": "https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841" }, { "reference_url": "https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=330173" }, { "reference_url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/03/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2151", "reference_id": "CVE-2016-2151", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2151" }, { "reference_url": "https://github.com/advisories/GHSA-r3fc-hx6q-g6cq", "reference_id": "GHSA-r3fc-hx6q-g6cq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r3fc-hx6q-g6cq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52702?format=api", "purl": "pkg:composer/moodle/moodle@2.7.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:composer/moodle/moodle@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52704?format=api", "purl": "pkg:composer/moodle/moodle@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api", "purl": "pkg:composer/moodle/moodle@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" } ], "aliases": [ "CVE-2016-2151", "GHSA-r3fc-hx6q-g6cq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujja-hfkh-wkez" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3" }