Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wg45-hemm-97am

Summary

Exposure of Sensitive Information to an Unauthorized Actor
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.

Aliases

alias	CVE-2015-5268

alias	GHSA-h34c-px28-rjgw

Fixed_packages

url	pkg:composer/moodle/moodle@2.7.10
purl	pkg:composer/moodle/moodle@2.7.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10

url	pkg:composer/moodle/moodle@2.8.8
purl	pkg:composer/moodle/moodle@2.8.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8

url	pkg:composer/moodle/moodle@2.9.2
purl	pkg:composer/moodle/moodle@2.9.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2

Affected_packages

url pkg:composer/moodle/moodle@2.8.0

purl pkg:composer/moodle/moodle@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

vulnerability	VCID-ym1r-ackg-4kc3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0

url pkg:composer/moodle/moodle@2.9.0

purl pkg:composer/moodle/moodle@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-421n-34cp-cka8

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0

References

reference_url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173
reference_id
reference_type
scores
url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173

reference_url	https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a

reference_url	https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665

reference_url	https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02

reference_url	https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64

reference_url	https://moodle.org/mod/forum/discuss.php?d=320292
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=320292

reference_url	http://www.openwall.com/lists/oss-security/2015/09/21/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/09/21/1

reference_url	http://www.securitytracker.com/id/1033619
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1033619

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5268
reference_id	CVE-2015-5268
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5268

reference_url	https://github.com/advisories/GHSA-h34c-px28-rjgw
reference_id	GHSA-h34c-px28-rjgw
reference_type
scores
url	https://github.com/advisories/GHSA-h34c-px28-rjgw

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg45-hemm-97am

Vulnerability Instance