Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qgn8-zs2m-vkc4

Summary

Moodle is vulnerable to Sensitive Information Disclosure
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.

Aliases

alias	CVE-2013-2080

alias	GHSA-wmmc-qjq2-vvm2

Fixed_packages

url	pkg:composer/moodle/moodle@2.2.11
purl	pkg:composer/moodle/moodle@2.2.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11

url	pkg:composer/moodle/moodle@2.3.7
purl	pkg:composer/moodle/moodle@2.3.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7

url	pkg:composer/moodle/moodle@2.4.4
purl	pkg:composer/moodle/moodle@2.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4

Affected_packages

url pkg:composer/moodle/moodle@2.2.10

purl pkg:composer/moodle/moodle@2.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qgn8-zs2m-vkc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10

url pkg:composer/moodle/moodle@2.3.0

purl pkg:composer/moodle/moodle@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uce-2wtr-8bfg

vulnerability	VCID-2676-n5ah-aqbh

vulnerability	VCID-2vsp-tbwq-1qhf

vulnerability	VCID-41up-e414-hyba

vulnerability	VCID-8c87-x99e-tqav

vulnerability	VCID-9kbu-4u3w-jufu

vulnerability	VCID-b2tv-8q9g-qqfz

vulnerability	VCID-bgaz-b5zd-e7aj

vulnerability	VCID-et8t-f1u1-kudb

vulnerability	VCID-fu6f-fjmn-g7eh

vulnerability	VCID-fwn7-hez1-ayhj

vulnerability	VCID-kqg2-2xqk-q7ga

vulnerability	VCID-mh2f-ytz5-9fhg

vulnerability	VCID-pca7-qesm-qudu

vulnerability	VCID-qgn8-zs2m-vkc4

vulnerability	VCID-r7wm-grca-3fgw

vulnerability	VCID-vgxb-fkuj-9fgk

vulnerability	VCID-y15n-cf9z-dyc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.0

url pkg:composer/moodle/moodle@2.4.0

purl pkg:composer/moodle/moodle@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uce-2wtr-8bfg

vulnerability	VCID-2vsp-tbwq-1qhf

vulnerability	VCID-41up-e414-hyba

vulnerability	VCID-9kbu-4u3w-jufu

vulnerability	VCID-b2tv-8q9g-qqfz

vulnerability	VCID-bgaz-b5zd-e7aj

vulnerability	VCID-ea5s-xphb-6ub7

vulnerability	VCID-fu6f-fjmn-g7eh

vulnerability	VCID-fwn7-hez1-ayhj

vulnerability	VCID-h8xn-n98n-qqdv

vulnerability	VCID-mh2f-ytz5-9fhg

vulnerability	VCID-qgn8-zs2m-vkc4

vulnerability	VCID-qpu2-8paz-7ydv

vulnerability	VCID-qxyw-7hnt-hqd6

vulnerability	VCID-r7wm-grca-3fgw

vulnerability	VCID-vgxb-fkuj-9fgk

vulnerability	VCID-y15n-cf9z-dyc4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.0

References

reference_url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
reference_id
reference_type
scores
url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

reference_url	http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2013/05/21/1

reference_url	https://moodle.org/mod/forum/discuss.php?d=228931
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=228931

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2013-2080
reference_id	CVE-2013-2080
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2013-2080

reference_url	https://github.com/advisories/GHSA-wmmc-qjq2-vvm2
reference_id	GHSA-wmmc-qjq2-vvm2
reference_type
scores
url	https://github.com/advisories/GHSA-wmmc-qjq2-vvm2

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgn8-zs2m-vkc4

Vulnerability Instance