Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.3.2

Type composer

Namespace moodle

Name moodle

Version 3.3.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.3.6

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-83kb-4mk9-t7ge

vulnerability_id VCID-83kb-4mk9-t7ge

summary

Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=361784
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=361784

reference_url	http://www.securityfocus.com/bid/101909
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101909

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15110
reference_id	CVE-2017-15110
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15110

fixed_packages

url pkg:composer/moodle/moodle@3.3.3

purl pkg:composer/moodle/moodle@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

aliases CVE-2017-15110

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge

url VCID-zgzm-wj81-jkah

vulnerability_id VCID-zgzm-wj81-jkah

summary

Cross-site Scripting
Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=358585
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=358585

reference_url	http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100867

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12156
reference_id	CVE-2017-12156
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12156

fixed_packages

url pkg:composer/moodle/moodle@3.3.3

purl pkg:composer/moodle/moodle@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

aliases CVE-2017-12156

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah

Fixing_vulnerabilities

url VCID-9nd7-4wve-97hc

vulnerability_id VCID-9nd7-4wve-97hc

summary

Information Exposure
Various course reports allow teachers to view details about users in the groups they cannot access.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=358586
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=358586

reference_url	http://www.securityfocus.com/bid/100848
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100848

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12157
reference_id	CVE-2017-12157
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12157

fixed_packages

url pkg:composer/moodle/moodle@3.1.8

purl pkg:composer/moodle/moodle@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.8

url pkg:composer/moodle/moodle@3.2.5

purl pkg:composer/moodle/moodle@3.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5

url pkg:composer/moodle/moodle@3.3.2

purl pkg:composer/moodle/moodle@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2

aliases CVE-2017-12157

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc

url VCID-q2fa-jymp-c3bb

vulnerability_id VCID-q2fa-jymp-c3bb

summary

Information Exposure
Moodle has a user fullname disclosure through the user preferences page.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=355554
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=355554

reference_url	http://www.securityfocus.com/bid/99606
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99606

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-2642
reference_id	CVE-2017-2642
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-2642

fixed_packages

url pkg:composer/moodle/moodle@3.1.7

purl pkg:composer/moodle/moodle@3.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nd7-4wve-97hc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7

url pkg:composer/moodle/moodle@3.2.4

purl pkg:composer/moodle/moodle@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nd7-4wve-97hc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4

url pkg:composer/moodle/moodle@3.3.2

purl pkg:composer/moodle/moodle@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2

aliases CVE-2017-2642

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb

url VCID-yp82-zj5g-pbaf

vulnerability_id VCID-yp82-zj5g-pbaf

summary

Improper Privilege Management
Course creators are able to change system default settings for courses.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=355556
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=355556

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7532
reference_id	CVE-2017-7532
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7532

fixed_packages

url pkg:composer/moodle/moodle@3.1.7

purl pkg:composer/moodle/moodle@3.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nd7-4wve-97hc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7

url pkg:composer/moodle/moodle@3.2.4

purl pkg:composer/moodle/moodle@3.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nd7-4wve-97hc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4

url pkg:composer/moodle/moodle@3.3.2

purl pkg:composer/moodle/moodle@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2

aliases CVE-2017-7532

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2

Package Instance