Lucene search

K

GoogleOSV:GHSA-FP4H-J22R-VWCV

HistoryMay 13, 2022 - 1:12 a.m.

Moodle allows attackers to obtain sensitive course information

2022-05-1301:12:45

Google

osv.dev

8

moodle

vulnerability

course information

AI Score

6.3

Confidence

Low

EPSS

0.003

Percentile

70.3%

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804

openwall.com/lists/oss-security/2015/03/16/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d

github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62

github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494

github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883

moodle.org/mod/forum/discuss.php?d=307384

nvd.nist.gov/vuln/detail/CVE-2015-2270

AI Score

6.3

Confidence

Low

EPSS

0.003

Percentile

70.3%

Related for OSV:GHSA-FP4H-J22R-VWCV

github1 nvd1 prion1 cve1 cvelist1 veracode1 ubuntucve1 nessus4 fedora3 openvas4 mageia1