GoogleOSV:GHSA-6XPM-Q8X9-J3RWMoodle allows attackers to bypass intended access restrictions
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
github.com/moodle/moodle
github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b
github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f
github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214
github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e
github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a
github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece
github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d
github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514
moodle.org/mod/forum/discuss.php?d=323237
nvd.nist.gov/vuln/detail/CVE-2015-5342
Related
