Lucene search

GoogleOSV:GHSA-4PPG-2MX6-FQX9

HistoryMay 13, 2022 - 1:12 a.m.

Moodle allows attackers to bypass intended login restrictions

2022-05-1301:12:45

Google

osv.dev

moodle

vulnerability

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

56.4%

JSON

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090

openwall.com/lists/oss-security/2015/05/18/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937

github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc

github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0

github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310

moodle.org/mod/forum/discuss.php?d=313686

nvd.nist.gov/vuln/detail/CVE-2015-3179

web.archive.org/web/20200228054915/www.securityfocus.com/bid/74725

web.archive.org/web/20200501000000*/www.securitytracker.com/id/1032358