Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-2vsp-tbwq-1qhf |
|---|
| Summary | Moodle does not enforce the forceloginforprofiles setting
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. |
|---|
| Aliases |
| 0 |
|
| 1 |
| alias |
GHSA-8r7x-qq55-74v2 |
|
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@2.2.0 |
| purl |
pkg:composer/moodle/moodle@2.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uce-2wtr-8bfg |
|
| 1 |
| vulnerability |
VCID-29gm-tfg6-xkey |
|
| 2 |
| vulnerability |
VCID-2vsp-tbwq-1qhf |
|
| 3 |
| vulnerability |
VCID-41up-e414-hyba |
|
| 4 |
| vulnerability |
VCID-4cdk-8y5v-nba1 |
|
| 5 |
| vulnerability |
VCID-b2tv-8q9g-qqfz |
|
| 6 |
| vulnerability |
VCID-c9kg-rsj3-b3bw |
|
| 7 |
| vulnerability |
VCID-e2hb-w8g1-xbax |
|
| 8 |
| vulnerability |
VCID-et8t-f1u1-kudb |
|
| 9 |
| vulnerability |
VCID-jbvt-9yy2-afb4 |
|
| 10 |
| vulnerability |
VCID-mh2f-ytz5-9fhg |
|
| 11 |
| vulnerability |
VCID-vgxb-fkuj-9fgk |
|
| 12 |
| vulnerability |
VCID-y15n-cf9z-dyc4 |
|
| 13 |
| vulnerability |
VCID-yyug-rt71-yfds |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.0 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@2.3.0 |
| purl |
pkg:composer/moodle/moodle@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uce-2wtr-8bfg |
|
| 1 |
| vulnerability |
VCID-2676-n5ah-aqbh |
|
| 2 |
| vulnerability |
VCID-2vsp-tbwq-1qhf |
|
| 3 |
| vulnerability |
VCID-41up-e414-hyba |
|
| 4 |
| vulnerability |
VCID-8c87-x99e-tqav |
|
| 5 |
| vulnerability |
VCID-9kbu-4u3w-jufu |
|
| 6 |
| vulnerability |
VCID-b2tv-8q9g-qqfz |
|
| 7 |
| vulnerability |
VCID-bgaz-b5zd-e7aj |
|
| 8 |
| vulnerability |
VCID-et8t-f1u1-kudb |
|
| 9 |
| vulnerability |
VCID-fu6f-fjmn-g7eh |
|
| 10 |
| vulnerability |
VCID-fwn7-hez1-ayhj |
|
| 11 |
| vulnerability |
VCID-kqg2-2xqk-q7ga |
|
| 12 |
| vulnerability |
VCID-mh2f-ytz5-9fhg |
|
| 13 |
| vulnerability |
VCID-pca7-qesm-qudu |
|
| 14 |
| vulnerability |
VCID-qgn8-zs2m-vkc4 |
|
| 15 |
| vulnerability |
VCID-r7wm-grca-3fgw |
|
| 16 |
| vulnerability |
VCID-vgxb-fkuj-9fgk |
|
| 17 |
| vulnerability |
VCID-y15n-cf9z-dyc4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.0 |
|
| 3 |
| url |
pkg:composer/moodle/moodle@2.4.0 |
| purl |
pkg:composer/moodle/moodle@2.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1uce-2wtr-8bfg |
|
| 1 |
| vulnerability |
VCID-2vsp-tbwq-1qhf |
|
| 2 |
| vulnerability |
VCID-41up-e414-hyba |
|
| 3 |
| vulnerability |
VCID-9kbu-4u3w-jufu |
|
| 4 |
| vulnerability |
VCID-b2tv-8q9g-qqfz |
|
| 5 |
| vulnerability |
VCID-bgaz-b5zd-e7aj |
|
| 6 |
| vulnerability |
VCID-ea5s-xphb-6ub7 |
|
| 7 |
| vulnerability |
VCID-fu6f-fjmn-g7eh |
|
| 8 |
| vulnerability |
VCID-fwn7-hez1-ayhj |
|
| 9 |
| vulnerability |
VCID-h8xn-n98n-qqdv |
|
| 10 |
| vulnerability |
VCID-mh2f-ytz5-9fhg |
|
| 11 |
| vulnerability |
VCID-qgn8-zs2m-vkc4 |
|
| 12 |
| vulnerability |
VCID-qpu2-8paz-7ydv |
|
| 13 |
| vulnerability |
VCID-qxyw-7hnt-hqd6 |
|
| 14 |
| vulnerability |
VCID-r7wm-grca-3fgw |
|
| 15 |
| vulnerability |
VCID-vgxb-fkuj-9fgk |
|
| 16 |
| vulnerability |
VCID-y15n-cf9z-dyc4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.0 |
|
|
|---|
| References |
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
1035 |
| name |
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| description |
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017. |
|
| 1 |
| cwe_id |
264 |
| name |
Permissions, Privileges, and Access Controls |
| description |
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. |
|
| 2 |
| cwe_id |
937 |
| name |
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities |
| description |
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | null |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-2vsp-tbwq-1qhf |
|---|