Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sa6m-ecv7-x3ew

Summary

Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Aliases

alias	CVE-2016-2157

alias	GHSA-f5pm-c4cw-563p

Fixed_packages

url pkg:composer/moodle/moodle@2.7.13

purl pkg:composer/moodle/moodle@2.7.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-s3ue-e5h8-f3dy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13

url pkg:composer/moodle/moodle@2.8.11

purl pkg:composer/moodle/moodle@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-s3ue-e5h8-f3dy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11

url pkg:composer/moodle/moodle@2.9.5

purl pkg:composer/moodle/moodle@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-s3ue-e5h8-f3dy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5

url pkg:composer/moodle/moodle@3.0.3

purl pkg:composer/moodle/moodle@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-s3ue-e5h8-f3dy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3

Affected_packages

url pkg:composer/moodle/moodle@2.8.0

purl pkg:composer/moodle/moodle@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

vulnerability	VCID-ym1r-ackg-4kc3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0

url pkg:composer/moodle/moodle@2.9.0

purl pkg:composer/moodle/moodle@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-421n-34cp-cka8

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0

url pkg:composer/moodle/moodle@3.0.0

purl pkg:composer/moodle/moodle@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-uhc9-p93a-gbau

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0

References

reference_url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031
reference_id
reference_type
scores
url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031

reference_url	https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3

reference_url	https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287

reference_url	https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4

reference_url	https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb

reference_url	https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4

reference_url	https://moodle.org/mod/forum/discuss.php?d=330179
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=330179

reference_url	https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
reference_id
reference_type
scores
url	https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_url	http://www.openwall.com/lists/oss-security/2016/03/21/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-2157
reference_id	CVE-2016-2157
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-2157

reference_url	https://github.com/advisories/GHSA-f5pm-c4cw-563p
reference_id	GHSA-f5pm-c4cw-563p
reference_type
scores
url	https://github.com/advisories/GHSA-f5pm-c4cw-563p

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	352
name	Cross-Site Request Forgery (CSRF)
description	The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sa6m-ecv7-x3ew

Vulnerability Instance