Moodle 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities

2016-04-0800:00:00

Tenable

www.tenable.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

51.6%

JSON

Moodle, an open-source course management system, installed on the remote host is version 2.8.x prior to 2.8.11, or 2.9.x prior to 2.9.5, or 3.0.x prior to 3.0.3, and is affected by multiple vulnerabilities :

A flaw exists in the ‘admin/tool/monitor/lib.php’ script. This may allow an authenticated, remote attacker to disclose the names of hidden courses. (CVE-2016-2154)
A flaw exists in Single View grade report related to improper capability checks. This may allow an authenticated, remote attacker to edit exclude checkbox in Single View. (CVE-2016-2155)