Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ryws-mr9v-7yfp
Summary
Exposure of Sensitive Information to an Unauthorized Actor
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
Aliases
0
alias CVE-2016-2158
1
alias GHSA-m882-j7gq-v9p7
Fixed_packages
0
url pkg:composer/moodle/moodle@2.7.13
purl pkg:composer/moodle/moodle@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13
1
url pkg:composer/moodle/moodle@2.8.11
purl pkg:composer/moodle/moodle@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11
2
url pkg:composer/moodle/moodle@2.9.5
purl pkg:composer/moodle/moodle@2.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5
3
url pkg:composer/moodle/moodle@3.0.3
purl pkg:composer/moodle/moodle@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
1
url pkg:composer/moodle/moodle@2.9.0
purl pkg:composer/moodle/moodle@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-37j1-ym2f-1fbc
2
vulnerability VCID-37pj-u3gh-n7fd
3
vulnerability VCID-3kq3-v2u1-fyhz
4
vulnerability VCID-421n-34cp-cka8
5
vulnerability VCID-4cx7-eaax-8uhr
6
vulnerability VCID-4kq5-ctsv-eka8
7
vulnerability VCID-5hx1-9xbg-g3fn
8
vulnerability VCID-65y9-9ur2-pugc
9
vulnerability VCID-7rut-8dau-e3cp
10
vulnerability VCID-8cc1-hbzm-87bx
11
vulnerability VCID-a34q-gbqw-1bbr
12
vulnerability VCID-an53-nu91-k3d7
13
vulnerability VCID-b9ej-hx7z-1bb8
14
vulnerability VCID-dnya-ef8u-6bg1
15
vulnerability VCID-eaqp-7abt-6kg9
16
vulnerability VCID-emu7-jhv2-zqb8
17
vulnerability VCID-evke-m8nn-6ua3
18
vulnerability VCID-fpuj-f6nx-n7a9
19
vulnerability VCID-fsex-f512-pudv
20
vulnerability VCID-jc19-ee46-4uh3
21
vulnerability VCID-jcnw-cwmz-w7cz
22
vulnerability VCID-k6pw-51st-b3d2
23
vulnerability VCID-kgvw-uxf4-wbc1
24
vulnerability VCID-m6zk-p84r-vbh5
25
vulnerability VCID-qtt4-455b-abb6
26
vulnerability VCID-ryws-mr9v-7yfp
27
vulnerability VCID-s3ue-e5h8-f3dy
28
vulnerability VCID-sa6m-ecv7-x3ew
29
vulnerability VCID-t214-wxz7-a3df
30
vulnerability VCID-trvp-xzf5-pff8
31
vulnerability VCID-ujja-hfkh-wkez
32
vulnerability VCID-v54t-5thx-1beu
33
vulnerability VCID-v6ha-ekxw-7bfr
34
vulnerability VCID-vb67-yux5-ayhf
35
vulnerability VCID-wg45-hemm-97am
36
vulnerability VCID-x2qp-yggf-z7h7
37
vulnerability VCID-xmm4-zw49-3feh
38
vulnerability VCID-xy2y-yxfu-xfgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0
2
url pkg:composer/moodle/moodle@3.0.0
purl pkg:composer/moodle/moodle@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-37pj-u3gh-n7fd
2
vulnerability VCID-3kq3-v2u1-fyhz
3
vulnerability VCID-4kq5-ctsv-eka8
4
vulnerability VCID-5hx1-9xbg-g3fn
5
vulnerability VCID-5rbf-4dz3-2qdz
6
vulnerability VCID-65y9-9ur2-pugc
7
vulnerability VCID-7rut-8dau-e3cp
8
vulnerability VCID-8cc1-hbzm-87bx
9
vulnerability VCID-9nd7-4wve-97hc
10
vulnerability VCID-an53-nu91-k3d7
11
vulnerability VCID-dhku-uah4-ykh8
12
vulnerability VCID-dnya-ef8u-6bg1
13
vulnerability VCID-eaqp-7abt-6kg9
14
vulnerability VCID-fsex-f512-pudv
15
vulnerability VCID-k6pw-51st-b3d2
16
vulnerability VCID-kgvw-uxf4-wbc1
17
vulnerability VCID-qtt4-455b-abb6
18
vulnerability VCID-ryws-mr9v-7yfp
19
vulnerability VCID-s3ue-e5h8-f3dy
20
vulnerability VCID-sa6m-ecv7-x3ew
21
vulnerability VCID-ujja-hfkh-wkez
22
vulnerability VCID-v54t-5thx-1beu
23
vulnerability VCID-vb67-yux5-ayhf
24
vulnerability VCID-vtq4-fpr8-hudb
25
vulnerability VCID-xmm4-zw49-3feh
26
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774
1
reference_url https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a
2
reference_url https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261
3
reference_url https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184
4
reference_url https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e
5
reference_url https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36
6
reference_url https://moodle.org/mod/forum/discuss.php?d=330180
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=330180
7
reference_url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
reference_id
reference_type
scores
url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
8
reference_url http://www.openwall.com/lists/oss-security/2016/03/21/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/03/21/1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2158
reference_id CVE-2016-2158
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-2158
10
reference_url https://github.com/advisories/GHSA-m882-j7gq-v9p7
reference_id GHSA-m882-j7gq-v9p7
reference_type
scores
url https://github.com/advisories/GHSA-m882-j7gq-v9p7
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ryws-mr9v-7yfp