Lucene search

RedhatCVE-2016-2158

HistoryMay 22, 2016 - 8:59 p.m.

CVE-2016-2158

2016-05-2220:59:07

CWE-200

redhat

web.nvd.nist.gov

moodle

cve-2016-2158

information security

forcelogin

ajax

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

54.8%

JSON

lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.

Affected configurations

Nvd

Node

moodlemoodleRange≤2.6.11

moodlemoodleMatch2.7.0

moodlemoodleMatch2.7.1

moodlemoodleMatch2.7.2

moodlemoodleMatch2.7.3

moodlemoodleMatch2.7.4

moodlemoodleMatch2.7.5

moodlemoodleMatch2.7.6

moodlemoodleMatch2.7.7

moodlemoodleMatch2.7.8

moodlemoodleMatch2.7.9

moodlemoodleMatch2.7.10

moodlemoodleMatch2.7.11

moodlemoodleMatch2.7.12

moodlemoodleMatch2.8.0

moodlemoodleMatch2.8.1

moodlemoodleMatch2.8.2

moodlemoodleMatch2.8.3

moodlemoodleMatch2.8.4

moodlemoodleMatch2.8.5

moodlemoodleMatch2.8.6

moodlemoodleMatch2.8.7

moodlemoodleMatch2.8.8

moodlemoodleMatch2.8.9

moodlemoodleMatch2.8.10

moodlemoodleMatch2.9.0

moodlemoodleMatch2.9.1

moodlemoodleMatch2.9.2

moodlemoodleMatch2.9.3

moodlemoodleMatch2.9.4

moodlemoodleMatch3.0.0

moodlemoodleMatch3.0.1

moodlemoodleMatch3.0.2

VendorProductVersionCPE
moodlemoodle2.9.3cpe:/a:moodle:moodle:2.9.3:::
moodlemoodle2.8.8cpe:/a:moodle:moodle:2.8.8:::
moodlemoodle2.7.5cpe:/a:moodle:moodle:2.7.5:::
moodlemoodle2.7.3cpe:/a:moodle:moodle:2.7.3:::
moodlemoodle3.0.2cpe:/a:moodle:moodle:3.0.2:::
moodlemoodle2.8.4cpe:/a:moodle:moodle:2.8.4:::
moodlemoodle2.9.0cpe:/a:moodle:moodle:2.9.0:::
moodlemoodle2.7.4cpe:/a:moodle:moodle:2.7.4:::
moodlemoodle2.8.9cpe:/a:moodle:moodle:2.8.9:::
moodlemoodlecpe:/a:moodle:moodle::::

Vendor	Product	Version	CPE
moodle	moodle	2.9.3	cpe:/a:moodle:moodle:2.9.3:::
moodle	moodle	2.8.8	cpe:/a:moodle:moodle:2.8.8:::
moodle	moodle	2.7.5	cpe:/a:moodle:moodle:2.7.5:::
moodle	moodle	2.7.3	cpe:/a:moodle:moodle:2.7.3:::
moodle	moodle	3.0.2	cpe:/a:moodle:moodle:3.0.2:::
moodle	moodle	2.8.4	cpe:/a:moodle:moodle:2.8.4:::
moodle	moodle	2.9.0	cpe:/a:moodle:moodle:2.9.0:::
moodle	moodle	2.7.4	cpe:/a:moodle:moodle:2.7.4:::
moodle	moodle	2.8.9	cpe:/a:moodle:moodle:2.8.9:::
moodle	moodle		cpe:/a:moodle:moodle::::