Vulnerability details: VCID-fxnn-zf49-vuhh
Vulnerability ID VCID-fxnn-zf49-vuhh
Aliases CVE-2016-2190
GHSA-r9pc-g29w-f86j
Summary Moodle sensitive information disclosure. Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3.1 5.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
epss 0.00464 https://api.first.org/data/v1/epss?cve=CVE-2016-2190
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r9pc-g29w-f86j
cvssv3.1 5.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375
generic_textual MODERATE https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14
generic_textual MODERATE https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5
generic_textual MODERATE https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e
generic_textual MODERATE https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb
generic_textual MODERATE https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb
cvssv3.1 5.3 https://moodle.org/mod/forum/discuss.php?d=330181
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=330181
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2016-2190
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-2190
cvssv3.1 5.3 https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333
generic_textual MODERATE https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2016/03/21/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2016/03/21/1
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=330181
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2190
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2016/03/21/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.63324
EPSS Score 0.00464
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:37.270012+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r9pc-g29w-f86j/GHSA-r9pc-g29w-f86j.json 36.1.3