Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/43425?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43425?format=api", "vulnerability_id": "VCID-qgn8-zs2m-vkc4", "summary": "Moodle is vulnerable to Sensitive Information Disclosure\nThe core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.", "aliases": [ { "alias": "CVE-2013-2080" }, { "alias": "GHSA-wmmc-qjq2-vvm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62105?format=api", "purl": "pkg:composer/moodle/moodle@2.2.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62267?format=api", "purl": "pkg:composer/moodle/moodle@2.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62268?format=api", "purl": "pkg:composer/moodle/moodle@2.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62266?format=api", "purl": "pkg:composer/moodle/moodle@2.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qgn8-zs2m-vkc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62102?format=api", "purl": "pkg:composer/moodle/moodle@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uce-2wtr-8bfg" }, { "vulnerability": "VCID-2676-n5ah-aqbh" }, { "vulnerability": "VCID-2vsp-tbwq-1qhf" }, { "vulnerability": "VCID-41up-e414-hyba" }, { "vulnerability": "VCID-8c87-x99e-tqav" }, { "vulnerability": "VCID-9kbu-4u3w-jufu" }, { "vulnerability": "VCID-b2tv-8q9g-qqfz" }, { "vulnerability": "VCID-bgaz-b5zd-e7aj" }, { "vulnerability": "VCID-et8t-f1u1-kudb" }, { "vulnerability": "VCID-fu6f-fjmn-g7eh" }, { "vulnerability": "VCID-fwn7-hez1-ayhj" }, { "vulnerability": "VCID-kqg2-2xqk-q7ga" }, { "vulnerability": "VCID-mh2f-ytz5-9fhg" }, { "vulnerability": "VCID-pca7-qesm-qudu" }, { "vulnerability": "VCID-qgn8-zs2m-vkc4" }, { "vulnerability": "VCID-r7wm-grca-3fgw" }, { "vulnerability": "VCID-vgxb-fkuj-9fgk" }, { "vulnerability": "VCID-y15n-cf9z-dyc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62205?format=api", "purl": "pkg:composer/moodle/moodle@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uce-2wtr-8bfg" }, { "vulnerability": "VCID-2vsp-tbwq-1qhf" }, { "vulnerability": "VCID-41up-e414-hyba" }, { "vulnerability": "VCID-9kbu-4u3w-jufu" }, { "vulnerability": "VCID-b2tv-8q9g-qqfz" }, { "vulnerability": "VCID-bgaz-b5zd-e7aj" }, { "vulnerability": "VCID-ea5s-xphb-6ub7" }, { "vulnerability": "VCID-fu6f-fjmn-g7eh" }, { "vulnerability": "VCID-fwn7-hez1-ayhj" }, { "vulnerability": "VCID-h8xn-n98n-qqdv" }, { "vulnerability": "VCID-mh2f-ytz5-9fhg" }, { "vulnerability": "VCID-qgn8-zs2m-vkc4" }, { "vulnerability": "VCID-qpu2-8paz-7ydv" }, { "vulnerability": "VCID-qxyw-7hnt-hqd6" }, { "vulnerability": "VCID-r7wm-grca-3fgw" }, { "vulnerability": "VCID-vgxb-fkuj-9fgk" }, { "vulnerability": "VCID-y15n-cf9z-dyc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.0" } ], "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/05/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/05/21/1" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=228931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=228931" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2080", "reference_id": "CVE-2013-2080", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2080" }, { "reference_url": "https://github.com/advisories/GHSA-wmmc-qjq2-vvm2", "reference_id": "GHSA-wmmc-qjq2-vvm2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wmmc-qjq2-vvm2" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 264, "name": "Permissions, Privileges, and Access Controls", "description": "Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgn8-zs2m-vkc4" }