osv | Google | OSV:GHSA-454R-4CJV-VC9H
May 13, 2022 - 1:12 a.m.

Moodle allows attackers to obtain manager privileges

2022-05-13 01:12:47
Google
osv.dev
moodle
enrol_meta_sync
remote authenticated users

AI Score: 6.3
Confidence: Low
EPSS: 0.002
Percentile: 51.6%

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.
