Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-dnya-ef8u-6bg1
Summary
Exposure of Sensitive Information to an Unauthorized Actor
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Aliases
0
alias CVE-2016-2154
1
alias GHSA-fmq9-58q4-xjw5
Fixed_packages
0
url pkg:composer/moodle/moodle@2.8.11
purl pkg:composer/moodle/moodle@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11
1
url pkg:composer/moodle/moodle@2.9.5
purl pkg:composer/moodle/moodle@2.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5
2
url pkg:composer/moodle/moodle@3.0.3
purl pkg:composer/moodle/moodle@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
1
url pkg:composer/moodle/moodle@2.9.0
purl pkg:composer/moodle/moodle@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-37j1-ym2f-1fbc
2
vulnerability VCID-37pj-u3gh-n7fd
3
vulnerability VCID-3kq3-v2u1-fyhz
4
vulnerability VCID-421n-34cp-cka8
5
vulnerability VCID-4cx7-eaax-8uhr
6
vulnerability VCID-4kq5-ctsv-eka8
7
vulnerability VCID-5hx1-9xbg-g3fn
8
vulnerability VCID-65y9-9ur2-pugc
9
vulnerability VCID-7rut-8dau-e3cp
10
vulnerability VCID-8cc1-hbzm-87bx
11
vulnerability VCID-a34q-gbqw-1bbr
12
vulnerability VCID-an53-nu91-k3d7
13
vulnerability VCID-b9ej-hx7z-1bb8
14
vulnerability VCID-dnya-ef8u-6bg1
15
vulnerability VCID-eaqp-7abt-6kg9
16
vulnerability VCID-emu7-jhv2-zqb8
17
vulnerability VCID-evke-m8nn-6ua3
18
vulnerability VCID-fpuj-f6nx-n7a9
19
vulnerability VCID-fsex-f512-pudv
20
vulnerability VCID-jc19-ee46-4uh3
21
vulnerability VCID-jcnw-cwmz-w7cz
22
vulnerability VCID-k6pw-51st-b3d2
23
vulnerability VCID-kgvw-uxf4-wbc1
24
vulnerability VCID-m6zk-p84r-vbh5
25
vulnerability VCID-qtt4-455b-abb6
26
vulnerability VCID-ryws-mr9v-7yfp
27
vulnerability VCID-s3ue-e5h8-f3dy
28
vulnerability VCID-sa6m-ecv7-x3ew
29
vulnerability VCID-t214-wxz7-a3df
30
vulnerability VCID-trvp-xzf5-pff8
31
vulnerability VCID-ujja-hfkh-wkez
32
vulnerability VCID-v54t-5thx-1beu
33
vulnerability VCID-v6ha-ekxw-7bfr
34
vulnerability VCID-vb67-yux5-ayhf
35
vulnerability VCID-wg45-hemm-97am
36
vulnerability VCID-x2qp-yggf-z7h7
37
vulnerability VCID-xmm4-zw49-3feh
38
vulnerability VCID-xy2y-yxfu-xfgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0
2
url pkg:composer/moodle/moodle@3.0.0
purl pkg:composer/moodle/moodle@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-37pj-u3gh-n7fd
2
vulnerability VCID-3kq3-v2u1-fyhz
3
vulnerability VCID-4kq5-ctsv-eka8
4
vulnerability VCID-5hx1-9xbg-g3fn
5
vulnerability VCID-5rbf-4dz3-2qdz
6
vulnerability VCID-65y9-9ur2-pugc
7
vulnerability VCID-7rut-8dau-e3cp
8
vulnerability VCID-8cc1-hbzm-87bx
9
vulnerability VCID-9nd7-4wve-97hc
10
vulnerability VCID-an53-nu91-k3d7
11
vulnerability VCID-dhku-uah4-ykh8
12
vulnerability VCID-dnya-ef8u-6bg1
13
vulnerability VCID-eaqp-7abt-6kg9
14
vulnerability VCID-fsex-f512-pudv
15
vulnerability VCID-k6pw-51st-b3d2
16
vulnerability VCID-kgvw-uxf4-wbc1
17
vulnerability VCID-qtt4-455b-abb6
18
vulnerability VCID-ryws-mr9v-7yfp
19
vulnerability VCID-s3ue-e5h8-f3dy
20
vulnerability VCID-sa6m-ecv7-x3ew
21
vulnerability VCID-ujja-hfkh-wkez
22
vulnerability VCID-v54t-5thx-1beu
23
vulnerability VCID-vb67-yux5-ayhf
24
vulnerability VCID-vtq4-fpr8-hudb
25
vulnerability VCID-xmm4-zw49-3feh
26
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
1
reference_url https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
2
reference_url https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
3
reference_url https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
4
reference_url https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
5
reference_url https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
6
reference_url https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
7
reference_url https://moodle.org/mod/forum/discuss.php?d=330176
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=330176
8
reference_url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
reference_id
reference_type
scores
url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
9
reference_url http://www.openwall.com/lists/oss-security/2016/03/21/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/03/21/1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2154
reference_id CVE-2016-2154
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-2154
11
reference_url https://github.com/advisories/GHSA-fmq9-58q4-xjw5
reference_id GHSA-fmq9-58q4-xjw5
reference_type
scores
url https://github.com/advisories/GHSA-fmq9-58q4-xjw5
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-dnya-ef8u-6bg1