GitHub Advisory DatabaseGHSA-4PPG-2MX6-FQX9Moodle allows attackers to bypass intended login restrictions
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
56.4%
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090
openwall.com/lists/oss-security/2015/05/18/1
github.com/advisories/GHSA-4ppg-2mx6-fqx9
github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937
github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc
github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0
github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310
moodle.org/mod/forum/discuss.php?d=313686
nvd.nist.gov/vuln/detail/CVE-2015-3179
web.archive.org/web/20200228054915/www.securityfocus.com/bid/74725
web.archive.org/web/20200501000000*/www.securitytracker.com/id/1032358
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
56.4%