Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.1.4

Type composer

Namespace moodle

Name moodle

Version 2.1.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.6.2

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-58bq-g4ne-g7dv

vulnerability_id VCID-58bq-g4ne-g7dv

summary

Insertion of Sensitive Information into Log File
Moodle before 2.2.2 has users' private files included in course backups

references

reference_url	http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
reference_id
reference_type
scores
url	http://docs.moodle.org/dev/Moodle_2.0.8_release_notes

reference_url	http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
reference_id
reference_type
scores
url	http://docs.moodle.org/dev/Moodle_2.1.5_release_notes

reference_url	http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
reference_id
reference_type
scores
url	http://docs.moodle.org/dev/Moodle_2.2.2_release_notes

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156

reference_url	https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570

reference_url	https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272

reference_url	https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c

reference_url	https://moodle.org/mod/forum/discuss.php?d=198623
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=198623

reference_url	https://access.redhat.com/security/cve/cve-2012-1156
reference_id	CVE-2012-1156
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2012-1156

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-1156
reference_id	CVE-2012-1156
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-1156

reference_url	https://security-tracker.debian.org/tracker/CVE-2012-1156
reference_id	CVE-2012-1156
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2012-1156

reference_url	https://github.com/advisories/GHSA-358r-g2xw-7c83
reference_id	GHSA-358r-g2xw-7c83
reference_type
scores
url	https://github.com/advisories/GHSA-358r-g2xw-7c83

fixed_packages

url	pkg:composer/moodle/moodle@2.1.5
purl	pkg:composer/moodle/moodle@2.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5

url	pkg:composer/moodle/moodle@2.2.2
purl	pkg:composer/moodle/moodle@2.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2

aliases CVE-2012-1156, GHSA-358r-g2xw-7c83

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58bq-g4ne-g7dv

url VCID-78xk-xk9s-3fhk

vulnerability_id VCID-78xk-xk9s-3fhk

summary

Incorrect Default Permissions
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157

reference_url	https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4

reference_url	https://moodle.org/mod/forum/discuss.php?d=198624
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=198624

reference_url	https://access.redhat.com/security/cve/cve-2012-1157
reference_id	CVE-2012-1157
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2012-1157

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-1157
reference_id	CVE-2012-1157
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-1157

reference_url	https://security-tracker.debian.org/tracker/CVE-2012-1157
reference_id	CVE-2012-1157
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2012-1157

reference_url	https://github.com/advisories/GHSA-2x36-7xfm-pgm7
reference_id	GHSA-2x36-7xfm-pgm7
reference_type
scores
url	https://github.com/advisories/GHSA-2x36-7xfm-pgm7

fixed_packages

url	pkg:composer/moodle/moodle@2.1.5
purl	pkg:composer/moodle/moodle@2.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5

url	pkg:composer/moodle/moodle@2.2.2
purl	pkg:composer/moodle/moodle@2.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2

aliases CVE-2012-1157, GHSA-2x36-7xfm-pgm7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78xk-xk9s-3fhk

url VCID-e188-zhnf-5bdt

vulnerability_id VCID-e188-zhnf-5bdt

summary

Exposure of Sensitive Information to an Unauthorized Actor
Moodle before 2.2.2: Overview report allows users to see hidden courses

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159

reference_url	https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544

reference_url	https://moodle.org/mod/forum/discuss.php?d=198628
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=198628

reference_url	https://access.redhat.com/security/cve/cve-2012-1159
reference_id	CVE-2012-1159
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2012-1159

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-1159
reference_id	CVE-2012-1159
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-1159

reference_url	https://security-tracker.debian.org/tracker/CVE-2012-1159
reference_id	CVE-2012-1159
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2012-1159

reference_url	https://github.com/advisories/GHSA-p9hr-f4xj-8w8r
reference_id	GHSA-p9hr-f4xj-8w8r
reference_type
scores
url	https://github.com/advisories/GHSA-p9hr-f4xj-8w8r

fixed_packages

url	pkg:composer/moodle/moodle@2.1.5
purl	pkg:composer/moodle/moodle@2.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5

url	pkg:composer/moodle/moodle@2.2.2
purl	pkg:composer/moodle/moodle@2.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2

aliases CVE-2012-1159, GHSA-p9hr-f4xj-8w8r

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e188-zhnf-5bdt

Fixing_vulnerabilities

url VCID-4fd8-ukxn-5qd6

vulnerability_id VCID-4fd8-ukxn-5qd6

summary

Moodle Users Can Bypass Deleted Status
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

references

reference_url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
reference_id
reference_type
scores
url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126

reference_url	http://moodle.org/mod/forum/discuss.php?d=194016
reference_id
reference_type
scores
url	http://moodle.org/mod/forum/discuss.php?d=194016

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=783532
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=783532

reference_url	https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea

reference_url	https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7

reference_url	https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff

reference_url	https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-0797
reference_id	CVE-2012-0797
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-0797

reference_url	https://github.com/advisories/GHSA-72gv-qqrp-h9qg
reference_id	GHSA-72gv-qqrp-h9qg
reference_type
scores
url	https://github.com/advisories/GHSA-72gv-qqrp-h9qg

fixed_packages

url pkg:composer/moodle/moodle@2.0.7

purl pkg:composer/moodle/moodle@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-58bq-g4ne-g7dv

vulnerability	VCID-78xk-xk9s-3fhk

vulnerability	VCID-e188-zhnf-5bdt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.7

url pkg:composer/moodle/moodle@2.1.4

purl pkg:composer/moodle/moodle@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-58bq-g4ne-g7dv

vulnerability	VCID-78xk-xk9s-3fhk

vulnerability	VCID-e188-zhnf-5bdt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.4

url pkg:composer/moodle/moodle@2.2.1

purl pkg:composer/moodle/moodle@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-58bq-g4ne-g7dv

vulnerability	VCID-78xk-xk9s-3fhk

vulnerability	VCID-e188-zhnf-5bdt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.1

aliases CVE-2012-0797, GHSA-72gv-qqrp-h9qg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fd8-ukxn-5qd6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.4

Package Instance