Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable8718.PRM
HistoryApr 20, 2015 - 12:00 a.m.

Moodle 2.7.x < 2.7.3 Information Disclosure

2015-04-2000:00:00
Tenable
www.tenable.com
6

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

52.7%

JSON

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.7.x prior to 2.7.3 are exposed to an information disclosure flaw because it does not consider the ‘moodle/grade:viewhidden’ capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the ‘core_grades_get_grades’ web service. Specifically, this affects the script ‘lib/classes/grades_external.php’. (MSA-14-0038 / CVE-2014-7831)

Binary data 8718.prm

Related

veracode 1
nvd 1
prion 1
cvelist 1
github 1
cve 1
ubuntucve 1
osv 1
veracode
veracode
Grade Information Leakage
2017-07-24 07:37:13
nvd
nvd
CVE-2014-7831
2014-11-24 11:59:01
prion
prion
Code injection
2014-11-24 11:59:00
cvelist
cvelist
CVE-2014-7831
2014-11-24 11:00:00
github
github
Moodle exposes hidden grades to students
2022-05-13 01:12:41
cve
cve
CVE-2014-7831
2014-11-24 11:59:01
ubuntucve
ubuntucve
CVE-2014-7831
2014-11-24 00:00:00
osv
osv
Moodle exposes hidden grades to students
2022-05-13 01:12:41

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

52.7%

JSON
Related for 8718.PRM
veracode1nvd1prion1cvelist1github1cve1ubuntucve1osv1