GitHub Advisory DatabaseGHSA-GR8J-QM8R-RFGGMoodle Improper Access Control
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
50.8%
The “restore teacher” feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
www.openwall.com/lists/oss-security/2016/05/17/4
www.securitytracker.com/id/1035902
bugzilla.redhat.com/show_bug.cgi?id=1335933
github.com/advisories/GHSA-gr8j-qm8r-rfgg
github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
nvd.nist.gov/vuln/detail/CVE-2016-3733
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
50.8%